
Security Advisory Moderate: freeradius security update

Advisory: RHSA-2009:1451-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-09-17
Last updated on: 2009-09-17
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux EUS (v. 5.4.z server)
CVEs (cve.mitre.org): CVE-2009-3111

Details

Updated freeradius packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

An input validation flaw was discovered in the way FreeRADIUS decoded
specific RADIUS attributes from RADIUS packets. A remote attacker could use
this flaw to crash the RADIUS daemon (radiusd) via a specially-crafted
RADIUS packet. (CVE-2009-3111)

Users of FreeRADIUS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, radiusd will be restarted automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
freeradius-1.1.3-1.5.el5_4.src.rpm
File outdated by:  RHBA-2009:1678
    MD5: 2f95c457b40a960773d643e27f3401ce
 
IA-32:
freeradius-1.1.3-1.5.el5_4.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 3c85eb389cb40380bcdb70086d493d70
freeradius-mysql-1.1.3-1.5.el5_4.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 9ce80470a1fd03fa0ca9c49d1026bcfa
freeradius-postgresql-1.1.3-1.5.el5_4.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 8ffa594f5e62dfec4c3d74b2ca4983e2
freeradius-unixODBC-1.1.3-1.5.el5_4.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: a2bb7d87eb30b2858d08b694bf866bee
 
x86_64:
freeradius-1.1.3-1.5.el5_4.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: a7cc7fda0e5b5a40355489f479f3828d
freeradius-mysql-1.1.3-1.5.el5_4.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 5b4995bd364f69ff38d381b5b86c0521
freeradius-postgresql-1.1.3-1.5.el5_4.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 82233cc953528672ce32a423c43d57b8
freeradius-unixODBC-1.1.3-1.5.el5_4.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 0191dbc85bd418361d18b01c3ae96749
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
freeradius-1.1.3-1.5.el5_4.src.rpm
File outdated by:  RHBA-2009:1678
    MD5: 2f95c457b40a960773d643e27f3401ce
 
IA-32:
freeradius-1.1.3-1.5.el5_4.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 3c85eb389cb40380bcdb70086d493d70
freeradius-mysql-1.1.3-1.5.el5_4.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 9ce80470a1fd03fa0ca9c49d1026bcfa
freeradius-postgresql-1.1.3-1.5.el5_4.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 8ffa594f5e62dfec4c3d74b2ca4983e2
freeradius-unixODBC-1.1.3-1.5.el5_4.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: a2bb7d87eb30b2858d08b694bf866bee
 
IA-64:
freeradius-1.1.3-1.5.el5_4.ia64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 99cd65711cdd2889f9adc6406622c71c
freeradius-mysql-1.1.3-1.5.el5_4.ia64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 2f31165a3bdc12a14025a750658ff7ed
freeradius-postgresql-1.1.3-1.5.el5_4.ia64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 55ca20b51105359d521d6623008e9bea
freeradius-unixODBC-1.1.3-1.5.el5_4.ia64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 56879a90ca92ae5cd7042c6109a5a407
 
PPC:
freeradius-1.1.3-1.5.el5_4.ppc.rpm
File outdated by:  RHBA-2009:1678
    MD5: 48eda1b31a8f233db2636ed1b1e97fa4
freeradius-mysql-1.1.3-1.5.el5_4.ppc.rpm
File outdated by:  RHBA-2009:1678
    MD5: b2ee567ce5389abf80df9c929470b15a
freeradius-postgresql-1.1.3-1.5.el5_4.ppc.rpm
File outdated by:  RHBA-2009:1678
    MD5: dab0acc6520f61e738f63a64ac261a24
freeradius-unixODBC-1.1.3-1.5.el5_4.ppc.rpm
File outdated by:  RHBA-2009:1678
    MD5: a34e23dc3a1a9090f19c5c0cd98601cf
 
s390x:
freeradius-1.1.3-1.5.el5_4.s390x.rpm
File outdated by:  RHBA-2009:1678
    MD5: 0863465100c3642aea962511784ce421
freeradius-mysql-1.1.3-1.5.el5_4.s390x.rpm
File outdated by:  RHBA-2009:1678
    MD5: 255ee45ce45ad5868001425cac7a4e84
freeradius-postgresql-1.1.3-1.5.el5_4.s390x.rpm
File outdated by:  RHBA-2009:1678
    MD5: 79096c5f7899d83e2c7829c4c737a415
freeradius-unixODBC-1.1.3-1.5.el5_4.s390x.rpm
File outdated by:  RHBA-2009:1678
    MD5: 5104c28ef5abe6068ad0a3b827929beb
 
x86_64:
freeradius-1.1.3-1.5.el5_4.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: a7cc7fda0e5b5a40355489f479f3828d
freeradius-mysql-1.1.3-1.5.el5_4.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 5b4995bd364f69ff38d381b5b86c0521
freeradius-postgresql-1.1.3-1.5.el5_4.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 82233cc953528672ce32a423c43d57b8
freeradius-unixODBC-1.1.3-1.5.el5_4.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 0191dbc85bd418361d18b01c3ae96749
 
Red Hat Enterprise Linux EUS (v. 5.4.z server)

SRPMS:
freeradius-1.1.3-1.5.el5_4.src.rpm
File outdated by:  RHBA-2009:1678
    MD5: 2f95c457b40a960773d643e27f3401ce
 
IA-32:
freeradius-1.1.3-1.5.el5_4.i386.rpm     MD5: 3c85eb389cb40380bcdb70086d493d70
freeradius-mysql-1.1.3-1.5.el5_4.i386.rpm     MD5: 9ce80470a1fd03fa0ca9c49d1026bcfa
freeradius-postgresql-1.1.3-1.5.el5_4.i386.rpm     MD5: 8ffa594f5e62dfec4c3d74b2ca4983e2
freeradius-unixODBC-1.1.3-1.5.el5_4.i386.rpm     MD5: a2bb7d87eb30b2858d08b694bf866bee
 
IA-64:
freeradius-1.1.3-1.5.el5_4.ia64.rpm     MD5: 99cd65711cdd2889f9adc6406622c71c
freeradius-mysql-1.1.3-1.5.el5_4.ia64.rpm     MD5: 2f31165a3bdc12a14025a750658ff7ed
freeradius-postgresql-1.1.3-1.5.el5_4.ia64.rpm     MD5: 55ca20b51105359d521d6623008e9bea
freeradius-unixODBC-1.1.3-1.5.el5_4.ia64.rpm     MD5: 56879a90ca92ae5cd7042c6109a5a407
 
PPC:
freeradius-1.1.3-1.5.el5_4.ppc.rpm     MD5: 48eda1b31a8f233db2636ed1b1e97fa4
freeradius-mysql-1.1.3-1.5.el5_4.ppc.rpm     MD5: b2ee567ce5389abf80df9c929470b15a
freeradius-postgresql-1.1.3-1.5.el5_4.ppc.rpm     MD5: dab0acc6520f61e738f63a64ac261a24
freeradius-unixODBC-1.1.3-1.5.el5_4.ppc.rpm     MD5: a34e23dc3a1a9090f19c5c0cd98601cf
 
s390x:
freeradius-1.1.3-1.5.el5_4.s390x.rpm     MD5: 0863465100c3642aea962511784ce421
freeradius-mysql-1.1.3-1.5.el5_4.s390x.rpm     MD5: 255ee45ce45ad5868001425cac7a4e84
freeradius-postgresql-1.1.3-1.5.el5_4.s390x.rpm     MD5: 79096c5f7899d83e2c7829c4c737a415
freeradius-unixODBC-1.1.3-1.5.el5_4.s390x.rpm     MD5: 5104c28ef5abe6068ad0a3b827929beb
 
x86_64:
freeradius-1.1.3-1.5.el5_4.x86_64.rpm     MD5: a7cc7fda0e5b5a40355489f479f3828d
freeradius-mysql-1.1.3-1.5.el5_4.x86_64.rpm     MD5: 5b4995bd364f69ff38d381b5b86c0521
freeradius-postgresql-1.1.3-1.5.el5_4.x86_64.rpm     MD5: 82233cc953528672ce32a423c43d57b8
freeradius-unixODBC-1.1.3-1.5.el5_4.x86_64.rpm     MD5: 0191dbc85bd418361d18b01c3ae96749
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

521912 - CVE-2009-3111 FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967
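
The check that bug 521912 describes as missing can be shown with a small length validator. This is an added example, not the backported Red Hat patch or FreeRADIUS code. It assumes the RFC 2865 packet layout and the RFC 2868 minimum Tunnel-Password length of 5; the function name, enum values and sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_HDR_LEN       20   /* code, id, 2-byte length, 16-byte authenticator */
#define RADIUS_MAX_LEN       4096
#define ATTR_TUNNEL_PASSWORD 69   /* RFC 2868 */
#define TUNNEL_PASSWORD_MIN  5    /* type + length + tag + 2-byte salt */

enum rad_check { RAD_OK, RAD_BAD_HEADER, RAD_BAD_ATTR_LEN, RAD_SHORT_TUNNEL_PASSWORD };

/* Constructed samples (not captured traffic): Access-Accept, zeroed authenticator. */
static const uint8_t sample_ok[41]   = { 0x02, 0x01, 0x00, 41, [20] = 69, 21, 0x00, 0x80, 0x01 };
static const uint8_t sample_zero[22] = { 0x02, 0x02, 0x00, 22, [20] = 69, 2 };

/* Hypothetical helper: validate every attribute length before any value is decoded. */
enum rad_check radius_check_attrs(const uint8_t *pkt, size_t n)
{
    if (pkt == NULL || n < RADIUS_HDR_LEN)
        return RAD_BAD_HEADER;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < RADIUS_HDR_LEN || total > RADIUS_MAX_LEN || total > n)
        return RAD_BAD_HEADER;

    for (size_t off = RADIUS_HDR_LEN; off < total; ) {
        if (total - off < 2)
            return RAD_BAD_ATTR_LEN;           /* truncated type/length pair */
        uint8_t type = pkt[off], len = pkt[off + 1];
        if (len < 2 || (size_t)len > total - off)
            return RAD_BAD_ATTR_LEN;           /* must cover its own header and fit */
        if (type == ATTR_TUNNEL_PASSWORD && len < TUNNEL_PASSWORD_MIN)
            return RAD_SHORT_TUNNEL_PASSWORD;  /* covers the zero-length value (len == 2) */
        off += len;
    }
    return RAD_OK;
}

int main(void)
{
    printf("well-formed: %d\n", radius_check_attrs(sample_ok, sizeof sample_ok));
    printf("zero-length Tunnel-Password: %d\n", radius_check_attrs(sample_zero, sizeof sample_zero));
    return 0;
}
```

Rejecting the whole packet at this stage means no decoder ever sees an attribute whose value is shorter than the fields it expects to read.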


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/