Mageia alert MGASA-2012-0304 (freeradius)

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0304: freeradius-2.1.12-8.1.mga2
 (2/core) 
Date:
    	       Mon, 29 Oct 2012 00:37:51 +0100
Message-ID:
    	       <20121028233751.GA14779@valstar.mageia.org>

MGASA-2012-0304
Date: 	October 29th, 2012
Affected releases: 	2

Description:
Updated freeradius packages fix security vulnerability:

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
attackers to cause a denial of service (server crash) and possibly
execute arbitrary code via a long not after timestamp in a client
certificate (CVE-2012-3547).

Updated Packages:
freeradius-2.1.12-8.1.mga2
freeradius-krb5-2.1.12-8.1.mga2
freeradius-ldap-2.1.12-8.1.mga2
freeradius-mysql-2.1.12-8.1.mga2
freeradius-postgresql-2.1.12-8.1.mga2
freeradius-sqlite-2.1.12-8.1.mga2
freeradius-unixODBC-2.1.12-8.1.mga2
freeradius-web-2.1.12-8.1.mga2
lib(64)freeradius1-2.1.12-8.1.mga2
lib(64)freeradius-devel-2.1.12-8.1.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3547
http://freeradius.org/security.html
http://www.mandriva.com/en/support/security/advisories/?d...
https://bugs.mageia.org/show_bug.cgi?id=7447
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2012-0304: freeradius-2.1.12-8.1.mga2 (2/core)
Date:		Mon, 29 Oct 2012 00:37:51 +0100
Message-ID:		<20121028233751.GA14779@valstar.mageia.org>