Security Advisory Moderate: freeradius security update

Advisory: RHSA-2007:0338-2
Type: Security Advisory
Severity: Moderate
Issued on: 2007-05-10
Last updated on: 2007-05-10
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
CVEs (cve.mitre.org): CVE-2007-2028

Details

Updated freeradius packages that fix a memory leak flaw are now available
for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory, leading to a possible denial
of service. (CVE-2007-2028)

Users of FreeRADIUS should update to these erratum packages, which contain a
backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
freeradius-1.1.3-1.2.el5.src.rpm
File outdated by:  RHBA-2009:1678
    MD5: 421aeb33b108c165188ca18b1cc71506
 
IA-32:
freeradius-1.1.3-1.2.el5.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: b75c3b2ad29a1481d5cea1a66a4c4ee5
freeradius-mysql-1.1.3-1.2.el5.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 53931b60c8925645523643d9a39b702b
freeradius-postgresql-1.1.3-1.2.el5.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 2ef7d86d56706ca546c84953dd893cc1
freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 5a85ae9a32584d17fef3405bef2c0945
 
x86_64:
freeradius-1.1.3-1.2.el5.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 3c04dd84b8061d0955888ef4267a8584
freeradius-mysql-1.1.3-1.2.el5.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: dd22b0a03b483cda08dc8f2ce0061bec
freeradius-postgresql-1.1.3-1.2.el5.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 6ecf4c4becc6e83991635b4c3edc8fe1
freeradius-unixODBC-1.1.3-1.2.el5.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: c47b1e5d022d77942956b92eee3774e8
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
freeradius-1.1.3-1.2.el5.src.rpm
File outdated by:  RHBA-2009:1678
    MD5: 421aeb33b108c165188ca18b1cc71506
 
IA-32:
freeradius-1.1.3-1.2.el5.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: b75c3b2ad29a1481d5cea1a66a4c4ee5
freeradius-mysql-1.1.3-1.2.el5.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 53931b60c8925645523643d9a39b702b
freeradius-postgresql-1.1.3-1.2.el5.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 2ef7d86d56706ca546c84953dd893cc1
freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm
File outdated by:  RHBA-2009:1678
    MD5: 5a85ae9a32584d17fef3405bef2c0945
 
IA-64:
freeradius-1.1.3-1.2.el5.ia64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 50548f886a00244fed8986f57c568ebc
freeradius-mysql-1.1.3-1.2.el5.ia64.rpm
File outdated by:  RHBA-2009:1678
    MD5: c8d3bbddd86aef908d638ece8bc49378
freeradius-postgresql-1.1.3-1.2.el5.ia64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 0b72285429d508c3669f80fd1b6d4643
freeradius-unixODBC-1.1.3-1.2.el5.ia64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 437eef951896015daa236a4e340bdf30
 
PPC:
freeradius-1.1.3-1.2.el5.ppc.rpm
File outdated by:  RHBA-2009:1678
    MD5: bfb6e97c4d24539588e2c385b722ddb6
freeradius-mysql-1.1.3-1.2.el5.ppc.rpm
File outdated by:  RHBA-2009:1678
    MD5: 8c92229b5a043df028a4a97ca6e20467
freeradius-postgresql-1.1.3-1.2.el5.ppc.rpm
File outdated by:  RHBA-2009:1678
    MD5: c2b82de68150f7c33ac7e6b3d9e0b369
freeradius-unixODBC-1.1.3-1.2.el5.ppc.rpm
File outdated by:  RHBA-2009:1678
    MD5: c0eaf20c1d623d6511ec0717b586fd2c
 
s390x:
freeradius-1.1.3-1.2.el5.s390x.rpm
File outdated by:  RHBA-2009:1678
    MD5: 62fd5a26b3aacbaa4427de2f912350a0
freeradius-mysql-1.1.3-1.2.el5.s390x.rpm
File outdated by:  RHBA-2009:1678
    MD5: 600d776c8f97916f800312b90bb66006
freeradius-postgresql-1.1.3-1.2.el5.s390x.rpm
File outdated by:  RHBA-2009:1678
    MD5: 7049a56d35bb367c345a88be3b79136a
freeradius-unixODBC-1.1.3-1.2.el5.s390x.rpm
File outdated by:  RHBA-2009:1678
    MD5: 87060d5f35e2f37965759280dc47ee50
 
x86_64:
freeradius-1.1.3-1.2.el5.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 3c04dd84b8061d0955888ef4267a8584
freeradius-mysql-1.1.3-1.2.el5.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: dd22b0a03b483cda08dc8f2ce0061bec
freeradius-postgresql-1.1.3-1.2.el5.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: 6ecf4c4becc6e83991635b4c3edc8fe1
freeradius-unixODBC-1.1.3-1.2.el5.x86_64.rpm
File outdated by:  RHBA-2009:1678
    MD5: c47b1e5d022d77942956b92eee3774e8
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
freeradius-1.0.1-2.RHEL3.4.src.rpm     MD5: 16acced531f2fc7bcd657ebebb0a7043
 
IA-32:
freeradius-1.0.1-2.RHEL3.4.i386.rpm     MD5: 2ade68c6730b5308713169a67af07dbe
 
IA-64:
freeradius-1.0.1-2.RHEL3.4.ia64.rpm     MD5: 2a3c95dfe1cf4465ff42a95cad14dd83
 
PPC:
freeradius-1.0.1-2.RHEL3.4.ppc.rpm     MD5: 99bab7aa40fd511def9c1775afacd35f
 
s390:
freeradius-1.0.1-2.RHEL3.4.s390.rpm     MD5: dba0099b77ed297672f16f55de9f2384
 
s390x:
freeradius-1.0.1-2.RHEL3.4.s390x.rpm     MD5: eefed63a1a167c2956465a2d2d61d357
 
x86_64:
freeradius-1.0.1-2.RHEL3.4.x86_64.rpm     MD5: e4a9e393990d34ff09956b3ac5f5bec2
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
freeradius-1.0.1-3.RHEL4.5.src.rpm
File outdated by:  RHBA-2010:0152
    MD5: 341e6a10536266d2f486e259fd53ff52
 
IA-32:
freeradius-1.0.1-3.RHEL4.5.i386.rpm
File outdated by:  RHBA-2010:0152
    MD5: d7fc6d5adf3079eafd2e184a55669907
freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm
File outdated by:  RHBA-2010:0152
    MD5: 2e578dd77c42f01523309f22ed89055a
freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm
File outdated by:  RHBA-2010:0152
    MD5: 96adb0a1539991fcbedafdd3c5e717ba
freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm
File outdated by:  RHBA-2010:0152
    MD5: 6452ae9ee4a3b1d916767133183efd38
 
IA-64:
freeradius-1.0.1-3.RHEL4.5.ia64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 92535ef1b3ac52a97de75ca8b3b02cf9
freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 27aeadbd8bc2fba3686388e8f943657d
freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm
File outdated by:  RHBA-2010:0152
    MD5: ba11993378ae4ba62c5453be45a81a08
freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 7dbee683999da2946ba74fcde3e3dad6
 
PPC:
freeradius-1.0.1-3.RHEL4.5.ppc.rpm
File outdated by:  RHBA-2010:0152
    MD5: f6199d7e8a2709aed1ddbfb0b998193c
freeradius-mysql-1.0.1-3.RHEL4.5.ppc.rpm
File outdated by:  RHBA-2010:0152
    MD5: 24b516e8c8d8c7b8c4c82f36594f535a
freeradius-postgresql-1.0.1-3.RHEL4.5.ppc.rpm
File outdated by:  RHBA-2010:0152
    MD5: 69b795f0ba24fb5742af5b287982020c
freeradius-unixODBC-1.0.1-3.RHEL4.5.ppc.rpm
File outdated by:  RHBA-2010:0152
    MD5: 2dcbfdd14f673e535e88dc734292184c
 
s390:
freeradius-1.0.1-3.RHEL4.5.s390.rpm
File outdated by:  RHBA-2010:0152
    MD5: 9e9d4b08f22af5f51707330015f37315
freeradius-mysql-1.0.1-3.RHEL4.5.s390.rpm
File outdated by:  RHBA-2010:0152
    MD5: 288da7a5dfc7129000efeeec4f5d8835
freeradius-postgresql-1.0.1-3.RHEL4.5.s390.rpm
File outdated by:  RHBA-2010:0152
    MD5: ba86f2ac7ac7ee2624932dd1658abdf1
freeradius-unixODBC-1.0.1-3.RHEL4.5.s390.rpm
File outdated by:  RHBA-2010:0152
    MD5: e345fdeb5bfe1683c200d0788c933854
 
s390x:
freeradius-1.0.1-3.RHEL4.5.s390x.rpm
File outdated by:  RHBA-2010:0152
    MD5: 0522321a2c7664c2dce0ff4ec1675643
freeradius-mysql-1.0.1-3.RHEL4.5.s390x.rpm
File outdated by:  RHBA-2010:0152
    MD5: 98afc32b8070ecbe9203ae5629bb2311
freeradius-postgresql-1.0.1-3.RHEL4.5.s390x.rpm
File outdated by:  RHBA-2010:0152
    MD5: c3270337b10283220d90424785393514
freeradius-unixODBC-1.0.1-3.RHEL4.5.s390x.rpm
File outdated by:  RHBA-2010:0152
    MD5: 3701a89bd7317bd29dcaf214b810583b
 
x86_64:
freeradius-1.0.1-3.RHEL4.5.x86_64.rpm
File outdated by:  RHBA-2010:0152
    MD5: e23e49fbdd33e367a9a85adb5b49d296
freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 4eef099fa257b8e890672a07a7f6495e
freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 302ec92e91a8354b863d702c8446db2d
freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm
File outdated by:  RHBA-2010:0152
    MD5: ed2b2e5d08e426d42e1a7c58aec1908d
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
freeradius-1.0.1-3.RHEL4.5.src.rpm
File outdated by:  RHBA-2010:0152
    MD5: 341e6a10536266d2f486e259fd53ff52
 
IA-32:
freeradius-1.0.1-3.RHEL4.5.i386.rpm     MD5: d7fc6d5adf3079eafd2e184a55669907
freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm     MD5: 2e578dd77c42f01523309f22ed89055a
freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm     MD5: 96adb0a1539991fcbedafdd3c5e717ba
freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm     MD5: 6452ae9ee4a3b1d916767133183efd38
 
IA-64:
freeradius-1.0.1-3.RHEL4.5.ia64.rpm     MD5: 92535ef1b3ac52a97de75ca8b3b02cf9
freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm     MD5: 27aeadbd8bc2fba3686388e8f943657d
freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm     MD5: ba11993378ae4ba62c5453be45a81a08
freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm     MD5: 7dbee683999da2946ba74fcde3e3dad6
 
PPC:
freeradius-1.0.1-3.RHEL4.5.ppc.rpm     MD5: f6199d7e8a2709aed1ddbfb0b998193c
freeradius-mysql-1.0.1-3.RHEL4.5.ppc.rpm     MD5: 24b516e8c8d8c7b8c4c82f36594f535a
freeradius-postgresql-1.0.1-3.RHEL4.5.ppc.rpm     MD5: 69b795f0ba24fb5742af5b287982020c
freeradius-unixODBC-1.0.1-3.RHEL4.5.ppc.rpm     MD5: 2dcbfdd14f673e535e88dc734292184c
 
s390:
freeradius-1.0.1-3.RHEL4.5.s390.rpm     MD5: 9e9d4b08f22af5f51707330015f37315
freeradius-mysql-1.0.1-3.RHEL4.5.s390.rpm     MD5: 288da7a5dfc7129000efeeec4f5d8835
freeradius-postgresql-1.0.1-3.RHEL4.5.s390.rpm     MD5: ba86f2ac7ac7ee2624932dd1658abdf1
freeradius-unixODBC-1.0.1-3.RHEL4.5.s390.rpm     MD5: e345fdeb5bfe1683c200d0788c933854
 
s390x:
freeradius-1.0.1-3.RHEL4.5.s390x.rpm     MD5: 0522321a2c7664c2dce0ff4ec1675643
freeradius-mysql-1.0.1-3.RHEL4.5.s390x.rpm     MD5: 98afc32b8070ecbe9203ae5629bb2311
freeradius-postgresql-1.0.1-3.RHEL4.5.s390x.rpm     MD5: c3270337b10283220d90424785393514
freeradius-unixODBC-1.0.1-3.RHEL4.5.s390x.rpm     MD5: 3701a89bd7317bd29dcaf214b810583b
 
x86_64:
freeradius-1.0.1-3.RHEL4.5.x86_64.rpm     MD5: e23e49fbdd33e367a9a85adb5b49d296
freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm     MD5: 4eef099fa257b8e890672a07a7f6495e
freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm     MD5: 302ec92e91a8354b863d702c8446db2d
freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm     MD5: ed2b2e5d08e426d42e1a7c58aec1908d
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
freeradius-1.0.1-2.RHEL3.4.src.rpm     MD5: 16acced531f2fc7bcd657ebebb0a7043
 
IA-32:
freeradius-1.0.1-2.RHEL3.4.i386.rpm     MD5: 2ade68c6730b5308713169a67af07dbe
 
IA-64:
freeradius-1.0.1-2.RHEL3.4.ia64.rpm     MD5: 2a3c95dfe1cf4465ff42a95cad14dd83
 
x86_64:
freeradius-1.0.1-2.RHEL3.4.x86_64.rpm     MD5: e4a9e393990d34ff09956b3ac5f5bec2
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
freeradius-1.0.1-3.RHEL4.5.src.rpm
File outdated by:  RHBA-2010:0152
    MD5: 341e6a10536266d2f486e259fd53ff52
 
IA-32:
freeradius-1.0.1-3.RHEL4.5.i386.rpm
File outdated by:  RHBA-2010:0152
    MD5: d7fc6d5adf3079eafd2e184a55669907
freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm
File outdated by:  RHBA-2010:0152
    MD5: 2e578dd77c42f01523309f22ed89055a
freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm
File outdated by:  RHBA-2010:0152
    MD5: 96adb0a1539991fcbedafdd3c5e717ba
freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm
File outdated by:  RHBA-2010:0152
    MD5: 6452ae9ee4a3b1d916767133183efd38
 
IA-64:
freeradius-1.0.1-3.RHEL4.5.ia64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 92535ef1b3ac52a97de75ca8b3b02cf9
freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 27aeadbd8bc2fba3686388e8f943657d
freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm
File outdated by:  RHBA-2010:0152
    MD5: ba11993378ae4ba62c5453be45a81a08
freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 7dbee683999da2946ba74fcde3e3dad6
 
x86_64:
freeradius-1.0.1-3.RHEL4.5.x86_64.rpm
File outdated by:  RHBA-2010:0152
    MD5: e23e49fbdd33e367a9a85adb5b49d296
freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 4eef099fa257b8e890672a07a7f6495e
freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm
File outdated by:  RHBA-2010:0152
    MD5: 302ec92e91a8354b863d702c8446db2d
freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm
File outdated by:  RHBA-2010:0152
    MD5: ed2b2e5d08e426d42e1a7c58aec1908d
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
freeradius-1.0.1-3.RHEL4.5.src.rpm
File outdated by:  RHBA-2010:0152
    MD5: 341e6a10536266d2f486e259fd53ff52
 
IA-32:
freeradius-1.0.1-3.RHEL4.5.i386.rpm     MD5: d7fc6d5adf3079eafd2e184a55669907
freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm     MD5: 2e578dd77c42f01523309f22ed89055a
freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm     MD5: 96adb0a1539991fcbedafdd3c5e717ba
freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm     MD5: 6452ae9ee4a3b1d916767133183efd38
 
IA-64:
freeradius-1.0.1-3.RHEL4.5.ia64.rpm     MD5: 92535ef1b3ac52a97de75ca8b3b02cf9
freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm     MD5: 27aeadbd8bc2fba3686388e8f943657d
freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm     MD5: ba11993378ae4ba62c5453be45a81a08
freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm     MD5: 7dbee683999da2946ba74fcde3e3dad6
 
x86_64:
freeradius-1.0.1-3.RHEL4.5.x86_64.rpm     MD5: e23e49fbdd33e367a9a85adb5b49d296
freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm     MD5: 4eef099fa257b8e890672a07a7f6495e
freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm     MD5: 302ec92e91a8354b863d702c8446db2d
freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm     MD5: ed2b2e5d08e426d42e1a7c58aec1908d
 
(The unlinked packages above are only available from the Red Hat Network)
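
To check hosts against the fixed builds listed above, the following added example (not part of the Red Hat advisory) classifies the output of `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`. The comparison is a simplified reimplementation of RPM's segment ordering with no epoch handling; the sample lines and status labels are constructed, and treating any later build as fixed is an assumption.

```python
import re

# Fixed builds from this advisory's "Updated packages" list, keyed by the
# dist marker that appears in the RPM release field.
FIXED = {
    "el5":   ("1.1.3", "1.2.el5"),
    "RHEL4": ("1.0.1", "3.RHEL4.5"),
    "RHEL3": ("1.0.1", "2.RHEL3.4"),
}

def rpmvercmp(a, b):
    """Simplified RPM-style segment comparison; returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)           # numbers compare by value, not as text
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def triage(query_lines):
    """Classify 'NAME VERSION RELEASE' lines for freeradius packages."""
    results = []
    for line in query_lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].startswith("freeradius"):
            continue                         # skip other packages and malformed lines
        name, version, release = parts
        dist = next((d for d in FIXED if d in release), None)
        if dist is None:
            status = "unknown-dist"          # release not covered by this advisory
        else:
            fixed_ver, fixed_rel = FIXED[dist]
            cmp = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
            status = "needs-update" if cmp < 0 else "at-or-above-fixed"
        results.append((name, f"{version}-{release}", status))
    return results

# Constructed sample input (not taken from a real host).
SAMPLE = ["freeradius 1.0.1 3.RHEL4.3", "freeradius-mysql 1.0.1 3.RHEL4.5",
          "freeradius 1.1.3 1.1.el5", "freeradius 1.1.7 3.1.el5",
          "freeradius 2.1.12 4.el6", "openssl 0.9.8b 8.3.el5"]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

Any line reported as `needs-update` identifies a package still below the build that carries the backported fix for CVE-2007-2028.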

Bugs fixed (see bugzilla for more information)

236247 - CVE-2007-2028 Freeradius EAP-TTLS denial of service


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/