freeradius-3.0.21-40.el9_4

エラータID: AXSA:2024-8631:02

Release date: 
Thursday, August 1, 2024 - 18:05
Subject: 
freeradius-3.0.21-40.el9_4
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: forgery attack (CVE-2024-3596)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-3596
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Solution: 

Update packages.

CVEs: 
CVE-2024-3596
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Additional Info: 

N/A

Download: 

SRPMS
  1. freeradius-3.0.21-40.el9_4.src.rpm
    MD5: 25cf5a85520faf32261201187a1acf58
    SHA-256: a8ce800c84c364ec6ecc46784c9c67c991145328500cfc16486243d10487d939
    Size: 3.25 MB

Asianux Server 9 for x86_64
  1. freeradius-3.0.21-40.el9_4.x86_64.rpm
    MD5: 0f38d07f70022e7b843e3d6f033b5cfb
    SHA-256: b5a3e9589aaea985b4a1c066fc66749f2ffaf6127223f4e338bd5988486d9491
    Size: 1.17 MB
  2. freeradius-devel-3.0.21-40.el9_4.x86_64.rpm
    MD5: 77b9752e26f0954edef301866a50daf9
    SHA-256: aeda76a50f4558bfe4ef3d8acad4ad1886660d11b0edaed01118332673f8c0f4
    Size: 83.46 kB
  3. freeradius-doc-3.0.21-40.el9_4.x86_64.rpm
    MD5: a04551c028531b62bb75f2ea863c2f3a
    SHA-256: f891a3637a3be476b90fda705dd967b665be8b4506de4c45c5a147699d703034
    Size: 812.29 kB
  4. freeradius-krb5-3.0.21-40.el9_4.x86_64.rpm
    MD5: 5ef9e0ef894251e6b9da90f9801019fb
    SHA-256: a5b1e2a8a751bdbba9ef4359167c92ec550d729b3b9972fdd6180bb1e5267652
    Size: 16.17 kB
  5. freeradius-ldap-3.0.21-40.el9_4.x86_64.rpm
    MD5: 4a87c16ee9e0c9ba1cfbcbcd54f27e61
    SHA-256: 04accbd4e964c63729d1beb7c33e6daaee8f4cab7671258b1b672ad73b851ce2
    Size: 48.38 kB
  6. freeradius-mysql-3.0.21-40.el9_4.x86_64.rpm
    MD5: 5708b516958acc6e9ef2cde5869cb381
    SHA-256: 0c0238d0b31504185c421cb74c2ef264e857f24f4c4c5ebf518266acc42db2e8
    Size: 37.27 kB
  7. freeradius-perl-3.0.21-40.el9_4.x86_64.rpm
    MD5: b5873740914d18f3a569ccc535eae329
    SHA-256: ee0e87a9114c07d9ff152961db1a5d73b6cc84010f861744b12e5a578c2e7a66
    Size: 25.68 kB
  8. freeradius-postgresql-3.0.21-40.el9_4.x86_64.rpm
    MD5: 000736494a95c768cc37deb5c815c7aa
    SHA-256: 5ac1727fd37148da68c03ccd034d506f105660e37b83ba3e70431cc3a4308a7b
    Size: 43.13 kB
  9. freeradius-rest-3.0.21-40.el9_4.x86_64.rpm
    MD5: 047f80d6e7d1690a6b487caf2b0ed19c
    SHA-256: b11904c1d45e9de50451b5fcd9c593c0d344fe66bcde581eec8daf3b4ddd3e4e
    Size: 32.07 kB
  10. freeradius-sqlite-3.0.21-40.el9_4.x86_64.rpm
    MD5: 213cc510c7d494bf4e1a4f672a839de8
    SHA-256: a5707df6ba5b3130e6e7335de941467c7103267e873fbd7b80152f45621c3eca
    Size: 33.38 kB
  11. freeradius-unixODBC-3.0.21-40.el9_4.x86_64.rpm
    MD5: ab93ff0372e62e869190f9e4ea496d1d
    SHA-256: f124472404e63966143bb441c9c5f776849f1cdc54a9ccd0802283cc9d4f660d
    Size: 14.04 kB
  12. freeradius-utils-3.0.21-40.el9_4.x86_64.rpm
    MD5: cd7c2f98baee850d590eb12c7518a4d6
    SHA-256: 9e7a6cd77d5a60299af22b1c473ed01c7dfc796b974f3666e0c6650f647bf592
    Size: 188.28 kB
  13. python3-freeradius-3.0.21-40.el9_4.x86_64.rpm
    MD5: 3a011947b6aa2e14dab032b528fb0b75
    SHA-256: da87fd41daceebec65d5d897b75b231d05d997267ef722616864fea92233270b
    Size: 23.72 kB