---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2187
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2187
2004-12-18
---------------------------------------------------------------------
Name : freeradius
FC1 Version : 1.0.1-0.FC1.5.legacy
Summary : High-performance and highly configurable free RADIUS
server.
Description :
The FreeRADIUS Server Project is a high performance and highly
configurable GPL'd free RADIUS server. The server is similar in some
respects to Livingston's 2.0 server. While FreeRADIUS started as a
variant of the Cistron RADIUS server, they don't share a lot in common
any more. It now has many more features than Cistron or Livingston,
and is much more configurable.
---------------------------------------------------------------------
Update Information:
Updated freeradius packages that fix a number of denial of service vulnerabilities as well as minor bugs are now available.
FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.
A number of flaws were found in FreeRADIUS versions prior to 1.0.1. An attacker who is able to send packets to the server could craft them in such a way as to cause the server to consume memory or crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0938, CAN-2004-0960, and CAN-2004-0961 to these issues.
Please note that the pam config file included in these packages was renamed to /etc/pam.d/radiusd.
Users of FreeRADIUS should update to these erratum packages that contain FreeRADIUS 1.0.1, which is not vulnerable to these issues and also corrects a number of bugs.
---------------------------------------------------------------------
Changelogs

* Mon Nov 29 2004 Rob Myers <rob myers gtri gatech edu> 1.0.1-0.FC1.3.legacy
- rebuild for FC1
- fixes FL #2187
- NB: pam file is renamed

* Thu Oct 28 2004 Thomas Woerner <twoerner redhat com> 1.0.1-0.FC2
- new version 1.0.1: fixes (#137424) CAN-2004-0938 Freeradius < 1.0.1 DoS and remote crash (CAN-2004-0960, CAN-2004-0961)
- applied radrelay CVS patch from Kevin Bonner
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)