-
Thu Apr 25 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.13-10
- Fixes two EAP-PWD security issues
Resolves: bz#1699413 authentication bypass with an invalid curve attack
-
Thu Feb 22 2018 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-9
- Fix double free in rlm_sql acct_redundant
Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value -
unknown value" when using module sql rlm_sql
-
Mon Jul 17 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-8
- Avoid misinterpreting zero-size malloc in data2vp_extended() fix.
- Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in
data2vp_wimax()
-
Tue Jul 11 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-7
- Resolves: Bug#1469408 CVE-2017-10978 freeradius: Out-of-bounds read/write due
to improper output buffer size check in make_secret()
- Resolves: Bug#1469412 CVE-2017-10983 freeradius: Out-of-bounds read in
fr_dhcp_decode() when decoding option 63
- Resolves: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in
data2vp_wimax()
- Resolves: Bug#1469416 CVE-2017-10985 freeradius: Infinite loop and memory
exhaustion with 'concat' attributes
- Resolves: Bug#1469419 CVE-2017-10986 freeradius: Infinite read in
dhcp_attr2vp()
- Resolves: Bug#1469422 CVE-2017-10987 freeradius: Buffer over-read in
fr_dhcp_decode_suboptions()
-
Thu Jun 15 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-6
- Avoid race condition when creating session cache file
Resolves: Bug#1458746 CVE-2017-9148 freeradius: TLS resumption
authentication bypass
-
Tue Jun 06 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-5
- Refer to correct package version in configuration comments for Bug#1458746
(CVE-2017-9148) fix.
Related: Bug#1458746 CVE-2017-9148 freeradius: TLS resumption
authentication bypass
-
Tue Jun 06 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-4
- Disable internal OpenSSL cache.
Resolves: Bug#1458746 CVE-2017-9148 freeradius: TLS resumption
authentication bypass
- Check sizeof(*packet), not sizeof(packet) in EAP-PWD
Resolves: Bug#1459073 Potential buffer overflow in FreeRADIUS EAP-PWD
- Parse port as well as address for dhcpclient destination
Resolves: Bug#1457825 dhcpclient does not accept IP:PORT
-
Wed Mar 29 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-3
- Explicitly disable rlm_cache_memcached to avoid error when the module's
dependencies are installed, and it is built, but not packaged.
Related: Bug#1202751 Rebase FreeRADIUS to 3.0.12 or later minor release
- Prevent segfaults by adding a missing handling of connection errors in
rlm_ldap.
Resolves: Bug#1437409 [abrt] freeradius: radiusd killed by SIGSEGV
- Make radtest use Cleartext-Password for EAP, fixing its support for eap-md5.
Resolves: Bug#1436619 radtest does not work with eap-md5
-
Thu Mar 23 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-2
- Fix some issues found with static analyzers.
Resolves: Bug#1432103 FreeRADIUS fails covscan checks
- Revert rlm_eap_tnc removal, because the tncfhh package is still in RHEL.
Related: Bug#1202751 Rebase FreeRADIUS to 3.0.12 or later minor release
-
Tue Mar 07 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-1
- Upgrade to upstream v3.0.13 release.
See upstream ChangeLog for details (in freeradius-doc subpackage).
Related: Bug#1202751 Rebase FreeRADIUS to 3.0.12 or later minor release
Resolves: Bug#1329181 freeradius-python fix libpython2.7.so dependency at
compile time
Resolves: Bug#1425869 Radiusd does not trigger modules.sql.fail trap if it
can't connect to mysql server
Resolves: Bug#1427829 Stack overflow when passing bare IPv6 to radclient