Security Advisory Moderate: freeradius2 security update

Advisory: RHSA-2012:1327-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-10-02
Last updated on: 2012-10-02
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server)
CVEs (cve.mitre.org): CVE-2012-3547

Details

Updated freeradius2 packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

A buffer overflow flaw was discovered in the way radiusd handled the
expiration date field in X.509 client certificates. A remote attacker could
possibly use this flaw to crash radiusd if it were configured to use the
certificate or TLS tunnelled authentication methods (such as EAP-TLS,
EAP-TTLS, and PEAP). (CVE-2012-3547)
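
The bug class described above, as an added example that is not FreeRADIUS code and not the backported patch: a length taken from a certificate's expiration field is validated before the field is copied into a fixed-size buffer. The function names and the 64-byte buffer size are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define EXPIRY_BUF_LEN 64 /* hypothetical fixed-size destination */

/* RFC 5280 permits two encodings for certificate validity times:
 * UTCTime "YYMMDDHHMMSSZ" (13 bytes) and GeneralizedTime
 * "YYYYMMDDHHMMSSZ" (15 bytes). Anything else is rejected. */
static int expiry_is_well_formed(const unsigned char *data, size_t len)
{
    size_t i;

    if (data == NULL || (len != 13 && len != 15))
        return 0;
    for (i = 0; i + 1 < len; i++)
        if (!isdigit(data[i]))
            return 0;
    return data[len - 1] == 'Z';
}

/* Copy a peer-supplied expiration field into a fixed buffer.
 * The unsafe pattern is memcpy(out, data, len) where len comes from the
 * certificate and is never compared with the destination size.
 * Returns 0 on success, -1 if the field is malformed or does not fit. */
int copy_expiry(char *out, size_t outsz, const unsigned char *data, size_t len)
{
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (!expiry_is_well_formed(data, len) || len >= outsz)
        return -1;
    memcpy(out, data, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[EXPIRY_BUF_LEN];
    unsigned char longfield[200]; /* constructed over-long field */

    memset(longfield, '9', sizeof(longfield));
    if (copy_expiry(buf, sizeof(buf), (const unsigned char *)"121002000000Z", 13) != 0)
        return 1;
    return copy_expiry(buf, sizeof(buf), longfield, sizeof(longfield)) == -1 ? 0 : 1;
}
```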

Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for
reporting this issue.

Users of FreeRADIUS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, radiusd will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

Every file in this list is marked as outdated by RHSA-2013:0134.

SRPMS:
freeradius2-2.1.12-4.el5_8.src.rpm

IA-32:
freeradius2-2.1.12-4.el5_8.i386.rpm
freeradius2-debuginfo-2.1.12-4.el5_8.i386.rpm
freeradius2-krb5-2.1.12-4.el5_8.i386.rpm
freeradius2-ldap-2.1.12-4.el5_8.i386.rpm
freeradius2-mysql-2.1.12-4.el5_8.i386.rpm
freeradius2-perl-2.1.12-4.el5_8.i386.rpm
freeradius2-postgresql-2.1.12-4.el5_8.i386.rpm
freeradius2-python-2.1.12-4.el5_8.i386.rpm
freeradius2-unixODBC-2.1.12-4.el5_8.i386.rpm
freeradius2-utils-2.1.12-4.el5_8.i386.rpm

x86_64:
freeradius2-2.1.12-4.el5_8.x86_64.rpm
freeradius2-debuginfo-2.1.12-4.el5_8.x86_64.rpm
freeradius2-krb5-2.1.12-4.el5_8.x86_64.rpm
freeradius2-ldap-2.1.12-4.el5_8.x86_64.rpm
freeradius2-mysql-2.1.12-4.el5_8.x86_64.rpm
freeradius2-perl-2.1.12-4.el5_8.x86_64.rpm
freeradius2-postgresql-2.1.12-4.el5_8.x86_64.rpm
freeradius2-python-2.1.12-4.el5_8.x86_64.rpm
freeradius2-unixODBC-2.1.12-4.el5_8.x86_64.rpm
freeradius2-utils-2.1.12-4.el5_8.x86_64.rpm
 
Red Hat Enterprise Linux (v. 5 server)

Every file in this list is marked as outdated by RHSA-2013:0134.

SRPMS:
freeradius2-2.1.12-4.el5_8.src.rpm

IA-32:
freeradius2-2.1.12-4.el5_8.i386.rpm
freeradius2-debuginfo-2.1.12-4.el5_8.i386.rpm
freeradius2-krb5-2.1.12-4.el5_8.i386.rpm
freeradius2-ldap-2.1.12-4.el5_8.i386.rpm
freeradius2-mysql-2.1.12-4.el5_8.i386.rpm
freeradius2-perl-2.1.12-4.el5_8.i386.rpm
freeradius2-postgresql-2.1.12-4.el5_8.i386.rpm
freeradius2-python-2.1.12-4.el5_8.i386.rpm
freeradius2-unixODBC-2.1.12-4.el5_8.i386.rpm
freeradius2-utils-2.1.12-4.el5_8.i386.rpm

IA-64:
freeradius2-2.1.12-4.el5_8.ia64.rpm
freeradius2-debuginfo-2.1.12-4.el5_8.ia64.rpm
freeradius2-krb5-2.1.12-4.el5_8.ia64.rpm
freeradius2-ldap-2.1.12-4.el5_8.ia64.rpm
freeradius2-mysql-2.1.12-4.el5_8.ia64.rpm
freeradius2-perl-2.1.12-4.el5_8.ia64.rpm
freeradius2-postgresql-2.1.12-4.el5_8.ia64.rpm
freeradius2-python-2.1.12-4.el5_8.ia64.rpm
freeradius2-unixODBC-2.1.12-4.el5_8.ia64.rpm
freeradius2-utils-2.1.12-4.el5_8.ia64.rpm

PPC:
freeradius2-2.1.12-4.el5_8.ppc.rpm
freeradius2-debuginfo-2.1.12-4.el5_8.ppc.rpm
freeradius2-krb5-2.1.12-4.el5_8.ppc.rpm
freeradius2-ldap-2.1.12-4.el5_8.ppc.rpm
freeradius2-mysql-2.1.12-4.el5_8.ppc.rpm
freeradius2-perl-2.1.12-4.el5_8.ppc.rpm
freeradius2-postgresql-2.1.12-4.el5_8.ppc.rpm
freeradius2-python-2.1.12-4.el5_8.ppc.rpm
freeradius2-unixODBC-2.1.12-4.el5_8.ppc.rpm
freeradius2-utils-2.1.12-4.el5_8.ppc.rpm

s390x:
freeradius2-2.1.12-4.el5_8.s390x.rpm
freeradius2-debuginfo-2.1.12-4.el5_8.s390x.rpm
freeradius2-krb5-2.1.12-4.el5_8.s390x.rpm
freeradius2-ldap-2.1.12-4.el5_8.s390x.rpm
freeradius2-mysql-2.1.12-4.el5_8.s390x.rpm
freeradius2-perl-2.1.12-4.el5_8.s390x.rpm
freeradius2-postgresql-2.1.12-4.el5_8.s390x.rpm
freeradius2-python-2.1.12-4.el5_8.s390x.rpm
freeradius2-unixODBC-2.1.12-4.el5_8.s390x.rpm
freeradius2-utils-2.1.12-4.el5_8.s390x.rpm

x86_64:
freeradius2-2.1.12-4.el5_8.x86_64.rpm
freeradius2-debuginfo-2.1.12-4.el5_8.x86_64.rpm
freeradius2-krb5-2.1.12-4.el5_8.x86_64.rpm
freeradius2-ldap-2.1.12-4.el5_8.x86_64.rpm
freeradius2-mysql-2.1.12-4.el5_8.x86_64.rpm
freeradius2-perl-2.1.12-4.el5_8.x86_64.rpm
freeradius2-postgresql-2.1.12-4.el5_8.x86_64.rpm
freeradius2-python-2.1.12-4.el5_8.x86_64.rpm
freeradius2-unixODBC-2.1.12-4.el5_8.x86_64.rpm
freeradius2-utils-2.1.12-4.el5_8.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

852752 - CVE-2012-3547 freeradius: stack-based buffer overflow via long expiration date fields in client X509 certificates


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/