[ MDKSA-2006:066 ] - Updated FreeRADIUS packages fix off-by-one overflow vulnerabilty
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:066
http://www.mandriva.com/security/
_______________________________________________________________________
Package : freeradius
Date : April 5, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS
might allow remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code by causing the external database query to
fail.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4744
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
dbf792c05499b1b0f483e2628e4e3a0c
2006.0/RPMS/freeradius-1.0.4-2.2.20060mdk.i586.rpm
20a499885c152171b4ecf72617301e86
2006.0/RPMS/libfreeradius1-1.0.4-2.2.20060mdk.i586.rpm
eb639a959447585207f47499a92a81b6
2006.0/RPMS/libfreeradius1-devel-1.0.4-2.2.20060mdk.i586.rpm
a37aecd75fec4406a1d944aea926b63b
2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.2.20060mdk.i586.rpm
e5e6c92fdce5c10a999d462dc96f20b3
2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.2.20060mdk.i586.rpm
ec0beb94a0016f0da9764fe833a1a41b
2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.2.20060mdk.i586.rpm
d5fec5ff3bd6053851e8dbcfddefe535
2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.2.20060mdk.i586.rpm
f18a3cdc2cd4b0e3f7d7ceb84cdc34be
2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.2.20060mdk.i586.rpm
750de7e23906aa4f6bbc6a8ed6da295b
2006.0/SRPMS/freeradius-1.0.4-2.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
f75f0826766c30532fbcbbd27ffeccc8
x86_64/2006.0/RPMS/freeradius-1.0.4-2.2.20060mdk.x86_64.rpm
4310dba6f4752ae7b27d15fe0af2a402
x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.2.20060mdk.x86_64.rpm
547dbae3b463e33982ad319c65384a8a
x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.2.20060mdk.x86_64.rpm
1fa46e4c163c05bed1a8544f02881782
x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.2.20060mdk.x86_64.rpm
941a65dbf633ce8c27d8177f1e92bcc8
x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.2.20060mdk.x86_64.rpm
524fa1fd942ba855bcc0ca61f809c0df
x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.2.20060mdk.x86_64.rpm
401ef07bb964c66a600f4c2d36ba8a55
x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.2.20060mdk.x86_64.rpm
d35f0af7da3f4df1ff3d05bcae31244c
x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.2.20060mdk.x86_64.rpm
750de7e23906aa4f6bbc6a8ed6da295b
x86_64/2006.0/SRPMS/freeradius-1.0.4-2.2.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFENCwEmqjQ0CJFipgRAuPTAJ9FWccQDpjy/26zJJNUDEK7+riKzACfQqD8
krtp8GgCoZ+TdrKKXvoC6E8=
=RRZg
-----END PGP SIGNATURE-----