UbuntuUpdates.org

Package "freeradius-utils"

Name: freeradius-utils

Description:

FreeRADIUS client utilities

Latest version: 3.0.20+dfsg-3ubuntu0.4
Release: focal (20.04)
Level: security
Repository: main
Head package: freeradius
Homepage: http://www.freeradius.org/

Links


Download "freeradius-utils"


Other versions of "freeradius-utils" in Focal

Repository Area Version
base main 3.0.20+dfsg-3build1
updates main 3.0.20+dfsg-3ubuntu0.4

Changelog

Version: 3.0.20+dfsg-3ubuntu0.4 2024-10-03 15:07:01 UTC

  freeradius (3.0.20+dfsg-3ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: forgery attack via MD5 collision (Blast-RADIUS)
    - debian/patches/CVE-2024-3596-*.patch: backport changes to require
      Message-Authenticator in all Access-* packets.
    - debian/tests/rlm_python3-data/ubuntu_example.py.mods-config: adjust
      offsets to handle Message-Authenticator.
    - CVE-2024-3596

 -- Marc Deslauriers <email address hidden> Thu, 12 Sep 2024 09:37:32 -0400

Source diff to previous version
CVE-2024-3596 RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject,

Version: 3.0.20+dfsg-3ubuntu0.2 2023-01-04 14:07:30 UTC

  freeradius (3.0.20+dfsg-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in eap-sim module
    - debian/patches/CVE-2022-41860.patch: add sanity checks in
      eapsimlib.c
    - CVE-2022-41860
  * SECURITY UDPATE: DoS using abinary attribute
    - debian/patches/CVE-2022-41861.patch: fix abinary attribute checks
    - CVE-2022-41861

 -- Nishit Majithia <email address hidden> Wed, 04 Jan 2023 08:52:36 +0530

CVE-2022-41860 RESERVED
CVE-2022-41861 RESERVED



About   -   Send Feedback to @ubuntu_updates