freeradius-3.0.13-10.el7
エラータID: AXSA:2019-3883:01
Release date:
Friday, May 17, 2019 - 18:47
Subject:
freeradius-3.0.13-10.el7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- FreeRADIUSには、CVE-2019-9497 と類似し、 "Dragonblood" 問題として
知られている、認証のなりすましに使われるリフレクト攻撃を妨げていない
脆弱性があります。(CVE-2019-11234)
- FreeRADIUSには、CVE-2019-9498、CVE-2019-9499 と類似し、"Dragonblood"
問題としても知られている、プロテクションメカニズムの脆弱性があります。
(CVE-2019-11235)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
Solution:
パッケージをアップデートしてください。
CVEs:
CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
CVE-2019-11235
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Additional Info:
N/A
Download:
SRPMS
- freeradius-3.0.13-10.el7.src.rpm
MD5: bf92f1ecd11f2d435d01dcae46698506
SHA-256: 613d324a09c493e10459143c536575348cc93094341dac5172f6154190ab3219
Size: 3.01 MB
Asianux Server 7 for x86_64
- freeradius-3.0.13-10.el7.x86_64.rpm
MD5: b10c77d28b086d2530c1340861176977
SHA-256: ca3056fdf4f39ec9c3b96a6120b62e820d4b2a839a7c4c24a650023a536df123
Size: 1.07 MB