Advisories » MGASA-2021-0342

Updated freeradius packages fix security vulnerabilities

Publication date: 12 Jul 2021
Modification date: 12 Jul 2021
Type: security
Affected Mageia releases : 7 , 8

Description

Moved logrotate options into specific parts for each log as "global" options
will persist past and clobber global options in the main logrotate config
(bsc#1180525).

Fixed plaintext password entries in logfiles (bsc#1184016).

The freeradius package has been updated to version 3.0.22, fixing these issues
and other bugs. See the upstream release announcements for details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29059
• https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_21
• https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_22
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TLMELQDBBH6JKZK2EHVYSSE6THAIWIP2/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4OYNG7T54XRRYWVRHWU4UTH3NXGSVTV/

SRPMS

8/core

• freeradius-3.0.22-1.mga8

7/core

• freeradius-3.0.22-1.mga7