[ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:060
http://www.mandriva.com/security/
_______________________________________________________________________
Package : freeradius
Date : March 23, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:
An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows
remote attackers to bypass authentication or cause a denial of service
(server crash) via "Insufficient input validation" in the EAP-MSCHAPv2
state machine module.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
f5694e70f14cbd19b83fd27b2486206c
2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.i586.rpm
9659a4da82f833ad9f981ea7227868b2
2006.0/RPMS/libfreeradius1-1.0.4-2.1.20060mdk.i586.rpm
f9a3447563fef1dfb6340999b1d826de
2006.0/RPMS/libfreeradius1-devel-1.0.4-2.1.20060mdk.i586.rpm
bf2f92256eaa0ce809d792e8e24611a1
2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.1.20060mdk.i586.rpm
044cc3fbaa56104318ba267cdab184f9
2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.1.20060mdk.i586.rpm
4b8c8e812804df23e9f6596d905621be
2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.1.20060mdk.i586.rpm
c2623a903a88573a3b768f2ebe7eacbb
2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.1.20060mdk.i586.rpm
28c6de397354d35ee9df21d8e191ebbe
2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.1.20060mdk.i586.rpm
085c52e42b5cc7fc22837abd0f9c5139
2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
bfce7c3070118389bfb438cf21172339
x86_64/2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.x86_64.rpm
16da145b1daefdb21ddf948840e5080d
x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.1.20060mdk.x86_64.rpm
8a31178431515a527b098eba3cae4d24
x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.1.20060mdk.x86_64.rpm
ea2fac845a7de5897fc5a8cfc10aa567
x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.1.20060mdk.x86_64.rpm
df111b875358584ec03dc45c16a18cb5
x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.1.20060mdk.x86_64.rpm
a8b1ab60450cae42203318941f32a596
x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.1.20060mdk.x86_64.rpm
dad9cba86a4bbe8dd30d052853989094
x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.1.20060mdk.x86_64.rpm
c058e7e6d30729aefa60dd7cf3fe3ab3
x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.1.20060mdk.x86_64.rpm
085c52e42b5cc7fc22837abd0f9c5139
x86_64/2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEIyNkmqjQ0CJFipgRAqX7AKDlD7ZrED1MAZDU8zXs/JOq6wk2VwCffGiU
ZMogegmLH8UXUd2dlOmdwh8=
=BcHF
-----END PGP SIGNATURE-----