[RHSA-2007:0338-01] Moderate: freeradius security update

bugzilla at redhat.com bugzilla at redhat.com
Thu May 10 16:04:17 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: freeradius security update
Advisory ID:       RHSA-2007:0338-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0338.html
Issue date:        2007-05-10
Updated on:        2007-05-10
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-2028 
- ---------------------------------------------------------------------

1. Summary:

Updated freeradius packages that fix a memory leak flaw are now available
for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory leading to a possible denial
of service.   (CVE-2007-2028)

Users of FreeRADIUS should update to these erratum packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

236247 - CVE-2007-2028 Freeradius EAP-TTLS denial of service

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/freeradius-1.0.1-2.RHEL3.4.src.rpm
16acced531f2fc7bcd657ebebb0a7043  freeradius-1.0.1-2.RHEL3.4.src.rpm

i386:
2ade68c6730b5308713169a67af07dbe  freeradius-1.0.1-2.RHEL3.4.i386.rpm
4383a7f497e1c59b4f74803feddc96eb  freeradius-debuginfo-1.0.1-2.RHEL3.4.i386.rpm

ia64:
2a3c95dfe1cf4465ff42a95cad14dd83  freeradius-1.0.1-2.RHEL3.4.ia64.rpm
b632cef5e4a2faf5436033b02ac2386d  freeradius-debuginfo-1.0.1-2.RHEL3.4.ia64.rpm

ppc:
99bab7aa40fd511def9c1775afacd35f  freeradius-1.0.1-2.RHEL3.4.ppc.rpm
c4ecb88c4063e32ec4e0744f26b39995  freeradius-debuginfo-1.0.1-2.RHEL3.4.ppc.rpm

s390:
dba0099b77ed297672f16f55de9f2384  freeradius-1.0.1-2.RHEL3.4.s390.rpm
aefb226740fc87b4c8f339ec156420db  freeradius-debuginfo-1.0.1-2.RHEL3.4.s390.rpm

s390x:
eefed63a1a167c2956465a2d2d61d357  freeradius-1.0.1-2.RHEL3.4.s390x.rpm
7503ff812bd61177a8b2380d157e86d9  freeradius-debuginfo-1.0.1-2.RHEL3.4.s390x.rpm

x86_64:
e4a9e393990d34ff09956b3ac5f5bec2  freeradius-1.0.1-2.RHEL3.4.x86_64.rpm
13bfef00f8b94c8b749ab837e550d759  freeradius-debuginfo-1.0.1-2.RHEL3.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/freeradius-1.0.1-2.RHEL3.4.src.rpm
16acced531f2fc7bcd657ebebb0a7043  freeradius-1.0.1-2.RHEL3.4.src.rpm

i386:
2ade68c6730b5308713169a67af07dbe  freeradius-1.0.1-2.RHEL3.4.i386.rpm
4383a7f497e1c59b4f74803feddc96eb  freeradius-debuginfo-1.0.1-2.RHEL3.4.i386.rpm

ia64:
2a3c95dfe1cf4465ff42a95cad14dd83  freeradius-1.0.1-2.RHEL3.4.ia64.rpm
b632cef5e4a2faf5436033b02ac2386d  freeradius-debuginfo-1.0.1-2.RHEL3.4.ia64.rpm

x86_64:
e4a9e393990d34ff09956b3ac5f5bec2  freeradius-1.0.1-2.RHEL3.4.x86_64.rpm
13bfef00f8b94c8b749ab837e550d759  freeradius-debuginfo-1.0.1-2.RHEL3.4.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freeradius-1.0.1-3.RHEL4.5.src.rpm
341e6a10536266d2f486e259fd53ff52  freeradius-1.0.1-3.RHEL4.5.src.rpm

i386:
d7fc6d5adf3079eafd2e184a55669907  freeradius-1.0.1-3.RHEL4.5.i386.rpm
2f925855363b10735d5307811d73590d  freeradius-debuginfo-1.0.1-3.RHEL4.5.i386.rpm
2e578dd77c42f01523309f22ed89055a  freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm
96adb0a1539991fcbedafdd3c5e717ba  freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm
6452ae9ee4a3b1d916767133183efd38  freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm

ia64:
92535ef1b3ac52a97de75ca8b3b02cf9  freeradius-1.0.1-3.RHEL4.5.ia64.rpm
9bf86dc71ede4397c36abd9c5b2ba31f  freeradius-debuginfo-1.0.1-3.RHEL4.5.ia64.rpm
27aeadbd8bc2fba3686388e8f943657d  freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm
ba11993378ae4ba62c5453be45a81a08  freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm
7dbee683999da2946ba74fcde3e3dad6  freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm

ppc:
f6199d7e8a2709aed1ddbfb0b998193c  freeradius-1.0.1-3.RHEL4.5.ppc.rpm
d9a0fef3a2e01106ec666ea22ba35e61  freeradius-debuginfo-1.0.1-3.RHEL4.5.ppc.rpm
24b516e8c8d8c7b8c4c82f36594f535a  freeradius-mysql-1.0.1-3.RHEL4.5.ppc.rpm
69b795f0ba24fb5742af5b287982020c  freeradius-postgresql-1.0.1-3.RHEL4.5.ppc.rpm
2dcbfdd14f673e535e88dc734292184c  freeradius-unixODBC-1.0.1-3.RHEL4.5.ppc.rpm

s390:
9e9d4b08f22af5f51707330015f37315  freeradius-1.0.1-3.RHEL4.5.s390.rpm
dc2af5dc7c47970eed5fb497d09d28dd  freeradius-debuginfo-1.0.1-3.RHEL4.5.s390.rpm
288da7a5dfc7129000efeeec4f5d8835  freeradius-mysql-1.0.1-3.RHEL4.5.s390.rpm
ba86f2ac7ac7ee2624932dd1658abdf1  freeradius-postgresql-1.0.1-3.RHEL4.5.s390.rpm
e345fdeb5bfe1683c200d0788c933854  freeradius-unixODBC-1.0.1-3.RHEL4.5.s390.rpm

s390x:
0522321a2c7664c2dce0ff4ec1675643  freeradius-1.0.1-3.RHEL4.5.s390x.rpm
b736945cbd4790f2efd4943270f2d9f5  freeradius-debuginfo-1.0.1-3.RHEL4.5.s390x.rpm
98afc32b8070ecbe9203ae5629bb2311  freeradius-mysql-1.0.1-3.RHEL4.5.s390x.rpm
c3270337b10283220d90424785393514  freeradius-postgresql-1.0.1-3.RHEL4.5.s390x.rpm
3701a89bd7317bd29dcaf214b810583b  freeradius-unixODBC-1.0.1-3.RHEL4.5.s390x.rpm

x86_64:
e23e49fbdd33e367a9a85adb5b49d296  freeradius-1.0.1-3.RHEL4.5.x86_64.rpm
43b61e0fbbb613621be589d6707dc155  freeradius-debuginfo-1.0.1-3.RHEL4.5.x86_64.rpm
4eef099fa257b8e890672a07a7f6495e  freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm
302ec92e91a8354b863d702c8446db2d  freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm
ed2b2e5d08e426d42e1a7c58aec1908d  freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freeradius-1.0.1-3.RHEL4.5.src.rpm
341e6a10536266d2f486e259fd53ff52  freeradius-1.0.1-3.RHEL4.5.src.rpm

i386:
d7fc6d5adf3079eafd2e184a55669907  freeradius-1.0.1-3.RHEL4.5.i386.rpm
2f925855363b10735d5307811d73590d  freeradius-debuginfo-1.0.1-3.RHEL4.5.i386.rpm
2e578dd77c42f01523309f22ed89055a  freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm
96adb0a1539991fcbedafdd3c5e717ba  freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm
6452ae9ee4a3b1d916767133183efd38  freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm

ia64:
92535ef1b3ac52a97de75ca8b3b02cf9  freeradius-1.0.1-3.RHEL4.5.ia64.rpm
9bf86dc71ede4397c36abd9c5b2ba31f  freeradius-debuginfo-1.0.1-3.RHEL4.5.ia64.rpm
27aeadbd8bc2fba3686388e8f943657d  freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm
ba11993378ae4ba62c5453be45a81a08  freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm
7dbee683999da2946ba74fcde3e3dad6  freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm

x86_64:
e23e49fbdd33e367a9a85adb5b49d296  freeradius-1.0.1-3.RHEL4.5.x86_64.rpm
43b61e0fbbb613621be589d6707dc155  freeradius-debuginfo-1.0.1-3.RHEL4.5.x86_64.rpm
4eef099fa257b8e890672a07a7f6495e  freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm
302ec92e91a8354b863d702c8446db2d  freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm
ed2b2e5d08e426d42e1a7c58aec1908d  freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freeradius-1.1.3-1.2.el5.src.rpm
421aeb33b108c165188ca18b1cc71506  freeradius-1.1.3-1.2.el5.src.rpm

i386:
b75c3b2ad29a1481d5cea1a66a4c4ee5  freeradius-1.1.3-1.2.el5.i386.rpm
e472e7a8e0de834ad59044839f351dec  freeradius-debuginfo-1.1.3-1.2.el5.i386.rpm
53931b60c8925645523643d9a39b702b  freeradius-mysql-1.1.3-1.2.el5.i386.rpm
2ef7d86d56706ca546c84953dd893cc1  freeradius-postgresql-1.1.3-1.2.el5.i386.rpm
5a85ae9a32584d17fef3405bef2c0945  freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm

x86_64:
3c04dd84b8061d0955888ef4267a8584  freeradius-1.1.3-1.2.el5.x86_64.rpm
ccb9c3a59516e0718831558a93000d83  freeradius-debuginfo-1.1.3-1.2.el5.x86_64.rpm
dd22b0a03b483cda08dc8f2ce0061bec  freeradius-mysql-1.1.3-1.2.el5.x86_64.rpm
6ecf4c4becc6e83991635b4c3edc8fe1  freeradius-postgresql-1.1.3-1.2.el5.x86_64.rpm
c47b1e5d022d77942956b92eee3774e8  freeradius-unixODBC-1.1.3-1.2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freeradius-1.1.3-1.2.el5.src.rpm
421aeb33b108c165188ca18b1cc71506  freeradius-1.1.3-1.2.el5.src.rpm

i386:
b75c3b2ad29a1481d5cea1a66a4c4ee5  freeradius-1.1.3-1.2.el5.i386.rpm
e472e7a8e0de834ad59044839f351dec  freeradius-debuginfo-1.1.3-1.2.el5.i386.rpm
53931b60c8925645523643d9a39b702b  freeradius-mysql-1.1.3-1.2.el5.i386.rpm
2ef7d86d56706ca546c84953dd893cc1  freeradius-postgresql-1.1.3-1.2.el5.i386.rpm
5a85ae9a32584d17fef3405bef2c0945  freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm

ia64:
50548f886a00244fed8986f57c568ebc  freeradius-1.1.3-1.2.el5.ia64.rpm
6372d3298e0539742e5241209fcf0200  freeradius-debuginfo-1.1.3-1.2.el5.ia64.rpm
c8d3bbddd86aef908d638ece8bc49378  freeradius-mysql-1.1.3-1.2.el5.ia64.rpm
0b72285429d508c3669f80fd1b6d4643  freeradius-postgresql-1.1.3-1.2.el5.ia64.rpm
437eef951896015daa236a4e340bdf30  freeradius-unixODBC-1.1.3-1.2.el5.ia64.rpm

ppc:
bfb6e97c4d24539588e2c385b722ddb6  freeradius-1.1.3-1.2.el5.ppc.rpm
434f3f297ada25d60b74a2c15a189772  freeradius-debuginfo-1.1.3-1.2.el5.ppc.rpm
8c92229b5a043df028a4a97ca6e20467  freeradius-mysql-1.1.3-1.2.el5.ppc.rpm
c2b82de68150f7c33ac7e6b3d9e0b369  freeradius-postgresql-1.1.3-1.2.el5.ppc.rpm
c0eaf20c1d623d6511ec0717b586fd2c  freeradius-unixODBC-1.1.3-1.2.el5.ppc.rpm

s390x:
62fd5a26b3aacbaa4427de2f912350a0  freeradius-1.1.3-1.2.el5.s390x.rpm
c607ad59e91c3e0f125e5eadc810d8e5  freeradius-debuginfo-1.1.3-1.2.el5.s390x.rpm
600d776c8f97916f800312b90bb66006  freeradius-mysql-1.1.3-1.2.el5.s390x.rpm
7049a56d35bb367c345a88be3b79136a  freeradius-postgresql-1.1.3-1.2.el5.s390x.rpm
87060d5f35e2f37965759280dc47ee50  freeradius-unixODBC-1.1.3-1.2.el5.s390x.rpm

x86_64:
3c04dd84b8061d0955888ef4267a8584  freeradius-1.1.3-1.2.el5.x86_64.rpm
ccb9c3a59516e0718831558a93000d83  freeradius-debuginfo-1.1.3-1.2.el5.x86_64.rpm
dd22b0a03b483cda08dc8f2ce0061bec  freeradius-mysql-1.1.3-1.2.el5.x86_64.rpm
6ecf4c4becc6e83991635b4c3edc8fe1  freeradius-postgresql-1.1.3-1.2.el5.x86_64.rpm
c47b1e5d022d77942956b92eee3774e8  freeradius-unixODBC-1.1.3-1.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2028
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGQ0J9XlSAg2UNWIIRAl+kAJ9rFXg7abGqc2Zkn3NMmraSoDUexACfUXwW
fnEAi+u+1Re9auKUty0+LGM=
=2H5f
-----END PGP SIGNATURE-----






More information about the Enterprise-watch-list mailing list