UbuntuUpdates.org

Package "freeradius"

Name: freeradius

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • iODBC module for FreeRADIUS server
  • kerberos module for FreeRADIUS server
  • LDAP module for FreeRADIUS server
  • Memcached module for FreeRADIUS server

Latest version: 3.0.20+dfsg-3ubuntu0.4
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "freeradius" in Focal

Repository Area Version
base main 3.0.20+dfsg-3build1
security main 3.0.20+dfsg-3ubuntu0.4
security universe 3.0.20+dfsg-3ubuntu0.4
updates main 3.0.20+dfsg-3ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.0.20+dfsg-3ubuntu0.4 2024-10-03 16:07:08 UTC

  freeradius (3.0.20+dfsg-3ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: forgery attack via MD5 collision (Blast-RADIUS)
    - debian/patches/CVE-2024-3596-*.patch: backport changes to require
      Message-Authenticator in all Access-* packets.
    - debian/tests/rlm_python3-data/ubuntu_example.py.mods-config: adjust
      offsets to handle Message-Authenticator.
    - CVE-2024-3596

 -- Marc Deslauriers <email address hidden> Thu, 12 Sep 2024 09:37:32 -0400

Source diff to previous version
CVE-2024-3596 RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject,

Version: 3.0.20+dfsg-3ubuntu0.2 2023-01-04 14:07:41 UTC

  freeradius (3.0.20+dfsg-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in eap-sim module
    - debian/patches/CVE-2022-41860.patch: add sanity checks in
      eapsimlib.c
    - CVE-2022-41860
  * SECURITY UDPATE: DoS using abinary attribute
    - debian/patches/CVE-2022-41861.patch: fix abinary attribute checks
    - CVE-2022-41861

 -- Nishit Majithia <email address hidden> Wed, 04 Jan 2023 08:52:36 +0530

Source diff to previous version
CVE-2022-41860 RESERVED
CVE-2022-41861 RESERVED

Version: 3.0.20+dfsg-3ubuntu0.1 2022-05-18 06:06:26 UTC

  freeradius (3.0.20+dfsg-3ubuntu0.1) focal; urgency=medium

  * Fix loading of rlm_python3 (LP: #1873923):
    - d/p/py3.8-libname-fix.patch: fix the python library name that
      freeradius is looking for when loading the rlm_python3 module
    - d/p/dont_call_undeclared.patch: don't attempt to load the python
      module if "instantiate" and "detach" are not declared
    - Add test for rlm_python3
      + d/t/control: new rlm_python3 test
      + d/t/rlm_python3-test: test the rlm_python3 module
      + d/t/rlm_python3-data/*: test files
  * d/t/test-freeradius.py: test more authentication mechanisms
    (cherry-picked from Ubuntu 22.04)
  * d/t/freeradius: run python tests in verbose mode

 -- Andreas Hasenack <email address hidden> Thu, 14 Apr 2022 17:32:00 -0300

1873923 freeradius with freeradius-python3 fails to start out of the box



About   -   Send Feedback to @ubuntu_updates