freeradius:3.0 Security update
Errata ID: AXSA:2020-789:01
Release date:
Sunday, October 25, 2020 - 16:46
Subject:
freeradius:3.0 Security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
FreeRADIUS is a Remote Authentication Dial In User Service (RADIUS) server,
designed to allow centralized authentication and authorization for a network.
Security Fix(es):
freeradius: eap-pwd: Information leak due to aborting when needing more than
10 iterations (CVE-2019-13456)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Modularity name: freeradius
Stream name: 3.0
Solution:
Update packages.
CVEs:
CVE-2019-13456
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
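The abort described in the CVE text can be reproduced in a simplified model of a capped hunting-and-pecking loop. The Python below is an added example, not FreeRADIUS code: the toy curve, the SHA-256 derivation and all function names are assumptions made for illustration.

```python
import hashlib

# Toy parameters (constructed for illustration, NOT an EAP-pwd group):
# curve y^2 = x^3 + A*x + B over GF(P), with P = 2^31 - 1.
P, A, B = 2**31 - 1, -3, 7


def candidate_x(password: bytes, peer_id: bytes, ctr: int) -> int:
    """Derive a pseudo-random x from the secret, the peer and the counter.
    SHA-256 stands in for the EAP-pwd hash/KDF step (assumption)."""
    digest = hashlib.sha256(password + b"|" + peer_id + b"|" + bytes([ctr])).digest()
    return int.from_bytes(digest[:4], "big") >> 1  # 31-bit candidate


def is_on_curve_x(x: int) -> bool:
    """True if x < P and x^3 + A*x + B is a square mod P (Euler's criterion)."""
    if x >= P:
        return False
    rhs = (x * x * x + A * x + B) % P
    return rhs == 0 or pow(rhs, (P - 1) // 2, P) == 1


def hunt_and_peck(password: bytes, peer_id: bytes, cap: int):
    """Return the 1-based attempt that found a point, or None if the loop
    gave up after `cap` attempts (the abort the advisory describes)."""
    for ctr in range(1, cap + 1):
        if is_on_curve_x(candidate_x(password, peer_id, ctr)):
            return ctr
    return None


def abort_rate(cap: int, trials: int = 20000) -> float:
    """Fraction of constructed (password, peer) pairs that hit the cap."""
    aborted = sum(
        hunt_and_peck(b"pw%d" % i, b"peer%d" % (i % 97), cap) is None
        for i in range(trials)
    )
    return aborted / trials


if __name__ == "__main__":
    # Each attempt succeeds about half the time, so the rate tracks 2^-cap.
    for cap in (2, 4, 6, 8):
        print(f"cap={cap}  abort rate={abort_rate(cap):.4f}  2^-cap={2**-cap:.4f}")
```

In this model the attempt count is a deterministic function of the password and peer identity, so whether a handshake aborts is not independent of the secret.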
Additional Info:
N/A
Download:
SRPMS
- freeradius-3.0.17-7.module+el8+131+7d6cdfca.src.rpm
MD5: 34e0036190e0998f0ab80e9a1c782589
SHA-256: ef52bd22fe577ad808a09771dd8ce02d33ddbfedba2f3ae2d13ce700b62852f0
Size: 3.05 MB
Asianux Server 8 for x86_64
- freeradius-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 978b6375d4bac5b4ecb32a77c6aa239c
SHA-256: 982a0245b9bb5b5ed3b9adeb9a2634495c735332dbeedf15454749bcf0b63d9a
Size: 1.10 MB
- freeradius-devel-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 2ced369188a3acd39b2309cea878e273
SHA-256: 5faa84843b78c5283251d90891c2ae7ddaea4385a9057e7ff5f332ba7c143a78
Size: 128.65 kB
- freeradius-doc-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 467a17ddae638e040ae84b85f1d47bbd
SHA-256: 111fc02ee165a549a930909f1991085eb816ae545efb0a0ab7bd31645221d378
Size: 957.75 kB
- freeradius-krb5-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: c98099554f778c34fb80d773086f6d6e
SHA-256: 983bcc66efc9272fd5a4b3f2ddc8312e512cde5bc62f48b42e564582e3397895
Size: 84.98 kB
- freeradius-ldap-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: f6f4418e6c253c0d9bad745872212f6e
SHA-256: c6e04b22de374fdd20d7eb685f7a925840f8f78daea8f3f6d55ad03c6f4dcf6b
Size: 115.55 kB
- freeradius-mysql-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 7c0a10d49021ec15fbba148c73f48ab7
SHA-256: 2fa529e7d183d636bfc6345bc4225108f089fd527e0a763ec5a6669aa74f9f95
Size: 95.51 kB
- freeradius-perl-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 7fa6e925728165ff82c539bd84dc4f66
SHA-256: d91665a7560261edf701610ec47dc62b168987896a7210528d43cc84aebc1479
Size: 94.32 kB
- freeradius-postgresql-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: cbc4ce019c635d26076891d2cb975487
SHA-256: 012b6f7be1e12bb6f3975882adf45b71aedb4146ebf2a901f8aab5f16924ba84
Size: 101.57 kB
- freeradius-rest-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: ed6e4b2c2e23a4c23a5e18834930a6a7
SHA-256: 39dc3808d4707dadfb81b9b461870e711ae27c0557ecd162469a69484f998b3e
Size: 98.90 kB
- freeradius-sqlite-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: c77ccd6afb02122d0c54aab5e845ab25
SHA-256: 731e60b0178f0916f02656147f0887095aea239c3cf98b3fc37f1e65bc18340c
Size: 93.67 kB
- freeradius-unixODBC-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 7edf3fb6a9b7e2510ddc37b249853d2d
SHA-256: f6d82b30f1ce97697282310f1ee0985efd9b84a5d519ee3231837d40f70aa678
Size: 82.57 kB
- freeradius-utils-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: a0b13c059c34bd240383d8dcf199afe3
SHA-256: 720360cabb40110f8325e5fc0987a3d0c1a20aa914e96ee4cd7ccb9f28293dae
Size: 238.14 kB