[ MDKSA-2007:085 ] - Updated freeradius packages fix DoS vulnerability
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:085
http://www.mandriva.com/security/
_______________________________________________________________________
Package : freeradius
Date : April 16, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to
cause a denial of service (memory consumption) via a large number of
EAP-TTLS tunnel connections using malformed Diameter format attributes,
which causes the authentication request to be rejected but does not
reclaim VALUE_PAIR data structures.
Updated packages have been patched to correct this issue.
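The leak pattern described above, reduced to a self-contained C model. This is an added example, not FreeRADIUS or Mandriva code; vp_t, diameter_to_vps, live_vps, leaked_after and the sample bytes are hypothetical stand-ins. With free_on_error set to 0, every rejected request leaves the pairs parsed before the malformed attribute allocated; with 1, the reject path frees them.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-in for a VALUE_PAIR list node (hypothetical layout). */
typedef struct vp { uint32_t code; size_t len; uint8_t *data; struct vp *next; } vp_t;
static long live_vps = 0;                 /* outstanding nodes, for the demo */

static void vp_list_free(vp_t *head) {
    for (vp_t *next; head; head = next) {
        next = head->next; free(head->data); free(head); live_vps--;
    }
}

/* Diameter AVP: code(4) flags(1) length(3) [vendor-id(4) if V flag] data, padded to 4.
 * Returns the list, or NULL when any AVP is malformed. free_on_error == 0 models
 * the leak: the reject path drops the pairs already built without freeing them. */
static vp_t *diameter_to_vps(const uint8_t *p, size_t n, int free_on_error) {
    vp_t *head = NULL, **tail = &head;
    while (n > 0) {
        if (n < 8) goto reject;                       /* truncated header */
        size_t hdr = (p[4] & 0x80) ? 12 : 8;
        size_t alen = ((size_t)p[5] << 16) | ((size_t)p[6] << 8) | p[7];
        if (alen < hdr || alen > n) goto reject;      /* bad length field */
        vp_t *vp = calloc(1, sizeof(*vp));
        if (!vp) goto reject;
        live_vps++; *tail = vp; tail = &vp->next;     /* linked in before any later failure */
        vp->code = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
        vp->len = alen - hdr;
        if (!(vp->data = malloc(vp->len + 1))) goto reject;
        memcpy(vp->data, p + hdr, vp->len);
        size_t step = (alen + 3) & ~(size_t)3;        /* skip padding */
        if (step > n) step = n;
        p += step; n -= step;
    }
    return head;
reject:
    if (free_on_error) vp_list_free(head);            /* the fix: reclaim on rejection */
    return NULL;
}
/* Constructed input: one valid AVP, then one whose length field overruns the buffer. */
static const uint8_t SAMPLE[] = { 0,0,0,1, 0x40, 0,0,12, 't','e','s','t',
                                  0,0,0,2, 0x40, 0,0xff,0xff };
long leaked_after(int rounds, int free_on_error) {
    live_vps = 0;
    for (int i = 0; i < rounds; i++) (void)diameter_to_vps(SAMPLE, sizeof SAMPLE, free_on_error);
    return live_vps;
}
int main(void) { printf("leaky: %ld  fixed: %ld\n", leaked_after(1000, 0), leaked_after(1000, 1)); return 0; }
```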
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2028
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>