| |||||||||||||||||||
Mageia alert MGASA-2012-0304 (freeradius)
MGASA-2012-0304 Date: October 29th, 2012 Affected releases: 2 Description: Updated freeradius packages fix security vulnerability: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547). Updated Packages: freeradius-2.1.12-8.1.mga2 freeradius-krb5-2.1.12-8.1.mga2 freeradius-ldap-2.1.12-8.1.mga2 freeradius-mysql-2.1.12-8.1.mga2 freeradius-postgresql-2.1.12-8.1.mga2 freeradius-sqlite-2.1.12-8.1.mga2 freeradius-unixODBC-2.1.12-8.1.mga2 freeradius-web-2.1.12-8.1.mga2 lib(64)freeradius1-2.1.12-8.1.mga2 lib(64)freeradius-devel-2.1.12-8.1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3547 http://freeradius.org/security.html http://www.mandriva.com/en/support/security/advisories/?d... https://bugs.mageia.org/show_bug.cgi?id=7447 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||