freeradius:3.0 Security update
Errata ID: AXSA:2020-789:01
Release date:
2020/10/25 Sunday - 16:46
Title:
freeradius:3.0 Security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
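The following issues have been addressed.
[Security Fix]
- freeradius cannot find the password element within 10 iterations of the Hunting and Pecking loop,
so on average 1 in every 2048 EAP-pwd handshakes fails.
This leaks information that an attacker can use to recover the password of any user.
This information leak is similar to the "Dragonblood" attack and CVE-2019-9494. (CVE-2019-13456)
Solution:
Update the packages.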
CVE:
CVE-2019-13456
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
Additional information:
N/A
Downloads:
SRPMS
- freeradius-3.0.17-7.module+el8+131+7d6cdfca.src.rpm
MD5: 34e0036190e0998f0ab80e9a1c782589
SHA-256: ef52bd22fe577ad808a09771dd8ce02d33ddbfedba2f3ae2d13ce700b62852f0
Size: 3.05 MB
Asianux Server 8 for x86_64
- freeradius-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 978b6375d4bac5b4ecb32a77c6aa239c
SHA-256: 982a0245b9bb5b5ed3b9adeb9a2634495c735332dbeedf15454749bcf0b63d9a
Size: 1.10 MB
- freeradius-devel-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 2ced369188a3acd39b2309cea878e273
SHA-256: 5faa84843b78c5283251d90891c2ae7ddaea4385a9057e7ff5f332ba7c143a78
Size: 128.65 kB
- freeradius-doc-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 467a17ddae638e040ae84b85f1d47bbd
SHA-256: 111fc02ee165a549a930909f1991085eb816ae545efb0a0ab7bd31645221d378
Size: 957.75 kB
- freeradius-krb5-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: c98099554f778c34fb80d773086f6d6e
SHA-256: 983bcc66efc9272fd5a4b3f2ddc8312e512cde5bc62f48b42e564582e3397895
Size: 84.98 kB
- freeradius-ldap-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: f6f4418e6c253c0d9bad745872212f6e
SHA-256: c6e04b22de374fdd20d7eb685f7a925840f8f78daea8f3f6d55ad03c6f4dcf6b
Size: 115.55 kB
- freeradius-mysql-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 7c0a10d49021ec15fbba148c73f48ab7
SHA-256: 2fa529e7d183d636bfc6345bc4225108f089fd527e0a763ec5a6669aa74f9f95
Size: 95.51 kB
- freeradius-perl-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 7fa6e925728165ff82c539bd84dc4f66
SHA-256: d91665a7560261edf701610ec47dc62b168987896a7210528d43cc84aebc1479
Size: 94.32 kB
- freeradius-postgresql-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: cbc4ce019c635d26076891d2cb975487
SHA-256: 012b6f7be1e12bb6f3975882adf45b71aedb4146ebf2a901f8aab5f16924ba84
Size: 101.57 kB
- freeradius-rest-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: ed6e4b2c2e23a4c23a5e18834930a6a7
SHA-256: 39dc3808d4707dadfb81b9b461870e711ae27c0557ecd162469a69484f998b3e
Size: 98.90 kB
- freeradius-sqlite-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: c77ccd6afb02122d0c54aab5e845ab25
SHA-256: 731e60b0178f0916f02656147f0887095aea239c3cf98b3fc37f1e65bc18340c
Size: 93.67 kB
- freeradius-unixODBC-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: 7edf3fb6a9b7e2510ddc37b249853d2d
SHA-256: f6d82b30f1ce97697282310f1ee0985efd9b84a5d519ee3231837d40f70aa678
Size: 82.57 kB
- freeradius-utils-3.0.17-7.module+el8+131+7d6cdfca.x86_64.rpm
MD5: a0b13c059c34bd240383d8dcf199afe3
SHA-256: 720360cabb40110f8325e5fc0987a3d0c1a20aa914e96ee4cd7ccb9f28293dae
Size: 238.14 kB