Mageia alert MGASA-2017-0232 (freeradius)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2017-0232: Updated freeradius packages fix security vulnerabilities 
Date:
    	     
 
Sun, 30 Jul 2017 17:59:27 +0200
Message-ID:
    	     
 
<20170730155927.D838F9F88B@duvel.mageia.org>
MGASA-2017-0232 - Updated freeradius packages fix security vulnerabilities

Publication date: 30 Jul 2017
URL: http://advisories.mageia.org/MGASA-2017-0232.html
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-10978,
     CVE-2017-10979,
     CVE-2017-10980,
     CVE-2017-10981,
     CVE-2017-10982,
     CVE-2017-10983,
     CVE-2017-10984,
     CVE-2017-10985,
     CVE-2017-10986,
     CVE-2017-10987,
     CVE-2017-10988

Description:
Fuzz testing of freeradius found multiple vulnerabilites that resulted
in either the potential for remote code execution or a possible denial
of service (except for CVE-2017-10988 which was later determined to not
actually result in any vulnerability).

References:
- https://bugs.mageia.org/show_bug.cgi?id=21268
-
https://guidovranken.wordpress.com/2017/07/17/11-remote-v...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10978
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10979
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10980
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10981
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10982
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10983
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10984
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10985
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10986
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10987
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10988

SRPMS:
- 6/core/freeradius-3.0.15-1.mga6
- 5/core/freeradius-2.2.10-1.mga5