freeradius:3.0 security update
エラータID: AXSA:2024-8637:01
リリース日:
2024/08/02 Friday - 17:01
題名:
freeradius:3.0 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- RFC 2865 に規定された RADIUS プロトコルには、MD5
Response Authenticator 署名に対する選択的なプレフィクス
衝突攻撃に起因して有効なレスポンス (Access-Accept、
Access-Reject、または Access-Challenge) を他のレスポンス
に改竄できてしまう問題があるため、リモートの攻撃者により、
細工された UDP の RADIUS レスポンスパケットの送信を
介して、不正な認証を可能とする脆弱性が存在します。
(CVE-2024-3596)
Modularity name: freeradius
Stream name: 3.0
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-3596
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
追加情報:
N/A
ダウンロード:
SRPMS
- freeradius-3.0.20-15.module+el8+1793+ff04c159.src.rpm
MD5: ddda10a95eaf2f3a956eacbe0b510f21
SHA-256: 1c5c23aa3a0eda41dd7d82085417cb78041f6281db067ed9f9b5191b3dcdc589
Size: 3.17 MB
Asianux Server 8 for x86_64
- freeradius-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: d773171274616688a1bb45b3f6bdced9
SHA-256: d430cd7e32b5ce48182e4c17539114cc4c4a0edd33f3067e98a76bf3191a196a
Size: 1.13 MB - freeradius-debugsource-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 9ec2fc82a7a2999b96c67a42bed350b7
SHA-256: 00e82cca4352b863521f86d2c611d39289c083f2fe623651604f31cf8e1aafe6
Size: 0.99 MB - freeradius-devel-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 8820d01b24020c2eba1b850da08b056a
SHA-256: 4c5df54567491e240c1fc50f8abc5ea4d4c1b9fe0e884ff27f521aade6f064be
Size: 137.13 kB - freeradius-doc-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 19e00358f24a236f5ec6a6542a13737a
SHA-256: e9f90073a1d8518b7a89c85b9ec7708d16a2f7f2e2e8773862458c7da9a6d925
Size: 963.77 kB - freeradius-krb5-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 80d357649f329ab0c9f87247236717d5
SHA-256: e5ef86e17a55255f430b5935e9f15534999a7fd5031a8bce44cceba3b9173481
Size: 87.01 kB - freeradius-ldap-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 2ba4138ed61b68e3f48576f3f9f42d9a
SHA-256: 8cb9e603842b3169affe57c48de8cd5245709125313d24bf5facae5df157f6a7
Size: 118.34 kB - freeradius-mysql-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 7efce0a027532bd3ce132f22d58ceb23
SHA-256: 55fbef1f7324ca358b9b00a7392ccc6ea6204d89f4bf1303ff60d33ce35ff3dc
Size: 100.00 kB - freeradius-perl-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 255e8f5fe24b78baac6e8e91285bc8e1
SHA-256: f82dff4f666006abda20067e769e1151756bd1c0d0de00e0ff7f15e361105556
Size: 96.58 kB - freeradius-postgresql-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: d931160df1440b122ce363b1e89727d6
SHA-256: e9d692ba5ffaf6694aea3c0864d649931195934aa2c8b7eb45d17c8b6847b5d3
Size: 105.82 kB - freeradius-rest-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: a2681d044ff9a2bb97dc088bce3581a1
SHA-256: 570637a517e22208a50cb3792714cf411da726a02298f12fb8d3131f93844a1a
Size: 101.28 kB - freeradius-sqlite-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 4924ee820cad2f615c42943410a43f20
SHA-256: ab13ff0a070719194be4039e5c1b51cc72cc1707e8fadf0c2ea9fd969f09d91b
Size: 96.34 kB - freeradius-unixODBC-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 7f1a7d28840f77db81b342fc7cddcf8b
SHA-256: 2f1ac32a2bd2b8a933b6b9c0ee1abb275e14c9694ccbd8d2056f1a44ce2ab0ca
Size: 84.12 kB - freeradius-utils-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: ba6edada04a159d44888a7cdfe2ad486
SHA-256: 46b29b6abaca25126c0e6022165143a1298088ae97414a02150ffa32fd36a05d
Size: 242.56 kB - python3-freeradius-3.0.20-15.module+el8+1793+ff04c159.x86_64.rpm
MD5: 41c17ec3cde71d321bdc35c34bec2e8e
SHA-256: d1f2f2d7219681cf8bfa915d54024fee8be56786e218a4ae456b870f1d33f946
Size: 93.17 kB
English