[ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:060
http://www.mandriva.com/security/
_______________________________________________________________________

Package : freeradius
Date : March 23, 2006
Affected: 2006.0
_______________________________________________________________________

Problem Description:

An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows
remote attackers to bypass authentication or cause a denial of service
(server crash) via "Insufficient input validation" in the EAP-MSCHAPv2
state machine module.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
f5694e70f14cbd19b83fd27b2486206c 2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.i586.rpm
9659a4da82f833ad9f981ea7227868b2 2006.0/RPMS/libfreeradius1-1.0.4-2.1.20060mdk.i586.rpm
f9a3447563fef1dfb6340999b1d826de 2006.0/RPMS/libfreeradius1-devel-1.0.4-2.1.20060mdk.i586.rpm
bf2f92256eaa0ce809d792e8e24611a1 2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.1.20060mdk.i586.rpm
044cc3fbaa56104318ba267cdab184f9 2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.1.20060mdk.i586.rpm
4b8c8e812804df23e9f6596d905621be 2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.1.20060mdk.i586.rpm
c2623a903a88573a3b768f2ebe7eacbb 2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.1.20060mdk.i586.rpm
28c6de397354d35ee9df21d8e191ebbe 2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.1.20060mdk.i586.rpm
085c52e42b5cc7fc22837abd0f9c5139 2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
bfce7c3070118389bfb438cf21172339 x86_64/2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.x86_64.rpm
16da145b1daefdb21ddf948840e5080d x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.1.20060mdk.x86_64.rpm
8a31178431515a527b098eba3cae4d24 x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.1.20060mdk.x86_64.rpm
ea2fac845a7de5897fc5a8cfc10aa567 x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.1.20060mdk.x86_64.rpm
df111b875358584ec03dc45c16a18cb5 x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.1.20060mdk.x86_64.rpm
a8b1ab60450cae42203318941f32a596 x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.1.20060mdk.x86_64.rpm
dad9cba86a4bbe8dd30d052853989094 x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.1.20060mdk.x86_64.rpm
c058e7e6d30729aefa60dd7cf3fe3ab3 x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.1.20060mdk.x86_64.rpm
085c52e42b5cc7fc22837abd0f9c5139 x86_64/2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEIyNkmqjQ0CJFipgRAqX7AKDlD7ZrED1MAZDU8zXs/JOq6wk2VwCffGiU
ZMogegmLH8UXUd2dlOmdwh8=
=BcHF
-----END PGP SIGNATURE-----



Relevant Pages