<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:060
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : freeradius
 Date    : March 23, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows 
 remote attackers to bypass authentication or cause a denial of service 
 (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 
 state machine module.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 f5694e70f14cbd19b83fd27b2486206c  
2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.i586.rpm
 9659a4da82f833ad9f981ea7227868b2  
2006.0/RPMS/libfreeradius1-1.0.4-2.1.20060mdk.i586.rpm
 f9a3447563fef1dfb6340999b1d826de  
2006.0/RPMS/libfreeradius1-devel-1.0.4-2.1.20060mdk.i586.rpm
 bf2f92256eaa0ce809d792e8e24611a1  
2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.1.20060mdk.i586.rpm
 044cc3fbaa56104318ba267cdab184f9  
2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.1.20060mdk.i586.rpm
 4b8c8e812804df23e9f6596d905621be  
2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.1.20060mdk.i586.rpm
 c2623a903a88573a3b768f2ebe7eacbb  
2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.1.20060mdk.i586.rpm
 28c6de397354d35ee9df21d8e191ebbe  
2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.1.20060mdk.i586.rpm
 085c52e42b5cc7fc22837abd0f9c5139  
2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bfce7c3070118389bfb438cf21172339  
x86_64/2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.x86_64.rpm
 16da145b1daefdb21ddf948840e5080d  
x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.1.20060mdk.x86_64.rpm
 8a31178431515a527b098eba3cae4d24  
x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.1.20060mdk.x86_64.rpm
 ea2fac845a7de5897fc5a8cfc10aa567  
x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.1.20060mdk.x86_64.rpm
 df111b875358584ec03dc45c16a18cb5  
x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.1.20060mdk.x86_64.rpm
 a8b1ab60450cae42203318941f32a596  
x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.1.20060mdk.x86_64.rpm
 dad9cba86a4bbe8dd30d052853989094  
x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.1.20060mdk.x86_64.rpm
 c058e7e6d30729aefa60dd7cf3fe3ab3  
x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.1.20060mdk.x86_64.rpm
 085c52e42b5cc7fc22837abd0f9c5139  
x86_64/2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEIyNkmqjQ0CJFipgRAqX7AKDlD7ZrED1MAZDU8zXs/JOq6wk2VwCffGiU
ZMogegmLH8UXUd2dlOmdwh8=
=BcHF
-----END PGP SIGNATURE-----