LWN.net Logo

Mageia alert MGASA-2013-0026 (freeradius)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0026: freeradius-2.1.12-8.2.mga2 (2/core)
Date:  Wed, 6 Feb 2013 22:55:49 +0100
Message-ID:  <20130206215548.GA25518@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2013-0026 Date: February 6th, 2013 Affected releases: 2 Media: Core Description: Updated freeradius packages fix security vulnerability: It was found that the "unix" module ignored the password expiration setting in "/etc/shadow". If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied (CVE-2011-4966). Updated Packages: i586: freeradius-2.1.12-8.2.mga2.i586.rpm freeradius-krb5-2.1.12-8.2.mga2.i586.rpm freeradius-ldap-2.1.12-8.2.mga2.i586.rpm freeradius-mysql-2.1.12-8.2.mga2.i586.rpm freeradius-postgresql-2.1.12-8.2.mga2.i586.rpm freeradius-sqlite-2.1.12-8.2.mga2.i586.rpm freeradius-unixODBC-2.1.12-8.2.mga2.i586.rpm freeradius-web-2.1.12-8.2.mga2.i586.rpm libfreeradius1-2.1.12-8.2.mga2.i586.rpm libfreeradius-devel-2.1.12-8.2.mga2.i586.rpm freeradius-debug-2.1.12-8.2.mga2.i586.rpm x86_64: freeradius-2.1.12-8.2.mga2.x86_64.rpm freeradius-krb5-2.1.12-8.2.mga2.x86_64.rpm freeradius-ldap-2.1.12-8.2.mga2.x86_64.rpm freeradius-mysql-2.1.12-8.2.mga2.x86_64.rpm freeradius-postgresql-2.1.12-8.2.mga2.x86_64.rpm freeradius-sqlite-2.1.12-8.2.mga2.x86_64.rpm freeradius-unixODBC-2.1.12-8.2.mga2.x86_64.rpm freeradius-web-2.1.12-8.2.mga2.x86_64.rpm lib64freeradius1-2.1.12-8.2.mga2.x86_64.rpm lib64freeradius-devel-2.1.12-8.2.mga2.x86_64.rpm freeradius-debug-2.1.12-8.2.mga2.x86_64.rpm SRPMS: freeradius-2.1.12-8.2.mga2.src.rpm References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966 https://rhn.redhat.com/errata/RHSA-2013-0134.html https://bugs.mageia.org/show_bug.cgi?id=8726 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...


(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds