Univention Bugzilla – Bug 55195
freeradius: Multiple issues (5.0)
Last modified: 2022-09-13 17:50:23 CEST
New Debian freeradius 3.0.17+dfsg-1.1+deb10u1A~5.0.2.202209120914 fixes:

This update addresses the following issues:
* eap-pwd: Information leak due to aborting when needing more than 10 iterations (CVE-2019-13456)
* eap-pwd: DoS issues due to multithreaded BN_CTX access (CVE-2019-17185)
--- mirror/ftp/pool/main/f/freeradius/freeradius_3.0.17+dfsg-1.1A~5.0.0.202006121626.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/freeradius_3.0.17+dfsg-1.1+deb10u1A~5.0.2.202209120914.dsc @@ -1,7 +1,14 @@ -3.0.17+dfsg-1.1A~5.0.0.202006121626 [Fri, 12 Jun 2020 16:26:48 +0200] Univention builddaemon <buildd@univention.de>: +3.0.17+dfsg-1.1+deb10u1A~5.0.2.202209120914 [Mon, 12 Sep 2022 09:15:10 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 050_ignore-invoke-rc.d-errors + +3.0.17+dfsg-1.1+deb10u1 [Sat, 27 Aug 2022 22:29:38 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload. + * CVE-2019-13456: side-channel leak where 1 in 2048 handshakes fail + * CVE-2019-17185: DoS due to multithreaded BN_CTX access + * Add upstream fix for a crash bug. (Closes: #992036) 3.0.17+dfsg-1.1 [Mon, 22 Apr 2019 23:23:36 +0200] Bernhard Schmidt <berni@debian.org>: <http://piuparts.knut.univention.de/5.0-2/#2361354098096036658>
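Review bot: The added 3.0.17+dfsg-1.1+deb10u1 changelog entry "Add upstream fix for a crash bug. (Closes: #992036)" does not say which crash or which part of freeradius is affected, and the erratum description names only CVE-2019-13456 and CVE-2019-17185. Suggest naming the affected module or the patch in that changelog line, and mentioning the crash fix in the erratum text so the advisory matches everything the package changes.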
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
  upstream issue: files owned by freeradius-config
<https://errata.software-univention.de/#/?erratum=5.0x414>