SciLinux: CVE-2007-2028 freeradius SL3.0.x , SL4.x, SL5.x

Date:         Thu, 10 May 2007 17:16:18 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      Security ERRATA for freeradius on SL3.0.x , SL4.x, SL5.x
Comments: To: scientific 

Synopsis:          Moderate: freeradius security update
Issue date:        2007-05-10
CVE Names:         CVE-2007-2028

A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory leading to a possible denial
of service.   (CVE-2007-2028)

SL 3.0.x

   SRPMS:
 	freeradius-1.0.1-2.RHEL3.4.src.rpm

   i386:
 	freeradius-1.0.1-2.RHEL3.4.i386.rpm

   x86_64:
 	freeradius-1.0.1-2.RHEL3.4.x86_64.rpm

SL 4.x

   SRPMS:
 	freeradius-1.0.1-3.RHEL4.5.src.rpm

   i386:
 	freeradius-1.0.1-3.RHEL4.5.i386.rpm
 	freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm
 	freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm
 	freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm

   x86_64:
 	freeradius-1.0.1-3.RHEL4.5.x86_64.rpm
 	freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm
 	freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm
 	freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm

SL 5.x

   SRPMS:
 	freeradius-1.1.3-1.2.el5.src.rpm

   i386:
 	freeradius-1.1.3-1.2.el5.i386.rpm
 	freeradius-mysql-1.1.3-1.2.el5.i386.rpm
 	freeradius-postgresql-1.1.3-1.2.el5.i386.rpm
 	freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm

-Connie Sieh

Date: Thu, 10 May 2007 17:16:18 -0500Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: Security ERRATA for freeradius on SL3.0.x , SL4.x, SL5.xComments: To: scientific Synopsis: Moderate: freeradius security updateIssue date: 2007-05-10CVE Names: CVE-2007-2028A memory leak flaw was found in the way FreeRADIUS parses certainauthentication requests. A remote attacker could send a specially craftedauthentication request which could cause FreeRADIUS to leak a small amountof memory. If enough of these requests are sent, the FreeRADIUS daemonwould consume a vast quantity of system memory leading to a possible denialof service. (CVE-2007-2028)SL 3.0.x SRPMS: freeradius-1.0.1-2.RHEL3.4.src.rpm i386: freeradius-1.0.1-2.RHEL3.4.i386.rpm x86_64: freeradius-1.0.1-2.RHEL3.4.x86_64.rpmSL 4.x SRPMS: freeradius-1.0.1-3.RHEL4.5.src.rpm i386: freeradius-1.0.1-3.RHEL4.5.i386.rpm freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm x86_64: freeradius-1.0.1-3.RHEL4.5.x86_64.rpm freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpmSL 5.x SRPMS: freeradius-1.1.3-1.2.el5.src.rpm i386: freeradius-1.1.3-1.2.el5.i386.rpm freeradius-mysql-1.1.3-1.2.el5.i386.rpm freeradius-postgresql-1.1.3-1.2.el5.i386.rpm freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm-Connie Sieh

SciLinux: CVE-2007-2028 freeradius SL3.0.x , SL4.x, SL5.x

Summary

Security Fixes

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By