Name: | freeradius |
---|---|
Version: | 3.0.13 |
Release: | 15.el7 |
Architecture: | aarch64 |
Group: | System Environment/Daemons |
Size: | 6424051 |
License: | GPLv2+ and LGPLv2+ |
RPM: | freeradius-3.0.13-15.el7.aarch64.rpm |
Source RPM: | freeradius-3.0.13-15.el7.src.rpm |
Build Date: | Sun May 24 2020 |
Build Host: | ca-buildarm01.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeradius.org/ |
Summary: | High-performance and highly configurable free RADIUS server |
Description: | The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many more features than Cistron or Livingston, and is much more configurable. FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol, as defined in RFC 2865 (and others). It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users. There are also RADIUS clients available for Web servers, firewalls, Unix logins, and more. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the amount of re-configuration which has to be done when adding or deleting new users. |
- Fixes EAP-PWD: DoS issues due to multithreaded BN_CTX access
  Resolves: bz#1818808

* Fri Feb 7 2020 Alexander Scheel <ascheel@redhat.com> - 3.0.13-14
- Fixes receiving of multiple RADIUS packets under load
  Resolves: bz#1630684
- Fixes logging of cleartext pap password
  Resolves: bz#1677435
- Fixes paircompare with attribute references and expansions
  Resolves: bz#1592741
- Fixes logrotate, EAP-PWD vulnerability
  Resolves: bz#1719368 privilege escalation due to insecure logrotate configuration
  Resolves: bz#1751796 eap-pwd: Information leak due to aborting when needing more than 10 iterations
- Fixes two EAP-PWD security issues
  Resolves: bz#1699414 authentication bypass with an invalid curve attack
  Resolves: bz#1699419 fake authentication using reflection
- Fix double free in rlm_sql acct_redundant
  Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql
- Avoid misinterpreting zero-size malloc in data2vp_extended() fix.
- Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax()
- Resolves: Bug#1469408 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret()
- Resolves: Bug#1469412 CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63
- Resolves: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax()
- Resolves: Bug#1469416 CVE-2017-10985 freeradius: Infinite loop and memory exhaustion with 'concat' attributes
- Resolves: Bug#1469419 CVE-2017-10986 freeradius: Infinite read in dhcp_attr2vp()
- Resolves: Bug#1469422 CVE-2017-10987 freeradius: Buffer over-read in fr_dhcp_decode_suboptions()
- Avoid race condition when creating session cache file
  Resolves: Bug#1458746 CVE-2017-9148 freeradius: TLS resumption authentication bypass
- Refer to correct package version in configuration comments for Bug#1458746 (CVE-2017-9148) fix.
  Related: Bug#1458746 CVE-2017-9148 freeradius: TLS resumption authentication bypass