Debian alert DLA-1064-1 (freeradius)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1064-1] freeradius security update | |
| Date: | Fri, 25 Aug 2017 19:46:20 +0200 | |
| Message-ID: | <5b327875-de9c-d662-81a4-eadc99f63ada@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : freeradius Version : 2.1.12+dfsg-1.2+deb7u2 CVE ID : CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 Debian Bug : 868765 Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA (Authorisation, Authentication, and Accounting), did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version 2.1.12+dfsg-1.2+deb7u2. We recommend that you upgrade your freeradius packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmgYmtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTjDhAAsfXbuOb7lfoECqI+OIFz+NRhCQ0z7Yb4XPhANQsarXHC9njIF7VYJzli Nrj1TNr3dtAGULBfpFSmHs/E4u5Ne2oX1HBObaRzFRqKYXLHhnLFFo5FdoXp6UbN CERfJL5qJ+nbxq2o3C4NSs5LV9Z0s5i79hhmdZa/P38bV+MHxAW+6wWAyNj1QJde LM0gZjz8ilmDbHOceJHiBfoexs0VG+lbYv1G1D7rIJVZrhtjINXsnXdecwv8Jxa8 ENJArwNJYLpb7TL2NlAr/JnRKtLSw7DAhjipSkV3MKwPegwxgAifuA8chHArZ7nB R0F9MgKvacS5QSPAJJd7U3gsMmFyXcKZli1qB0ZzMl2H6JRsyh5pCINAqUjGkvQQ cmn4sJqTjn/StEXaSn0UFcRuvDFJEnzbTC6Z/FrTwW5RvUdGp2Ps9fiXaDUnP182 j88O3lkSab3VtzBeibS0k2hUFSbmv0TdVPsYsnRjC/CA1KuZmONft4YnKBRAxz2A OTU4cWZAyamaXJy62sZxNs2OP5Lub29BhrfsilAif41Lcvv5MsvgtbVU7rl6jTFS 9bhlIeyGG55l0CJ0dEaVMkMf9ym1fCjp6AGjVSUd5wSmH1WvF3Ucib+FD2TAA2pS bOdYVD8ctHaWV5rIkwB4VtbIlNOXmGTk8GVtWafMnowPp9Sp+0g= =Zf8E -----END PGP SIGNATURE-----