---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2187
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2187
2004-12-18
---------------------------------------------------------------------
Name        : freeradius
FC1 Version : 1.0.1-0.FC1.5.legacy
Summary     : High-performance and highly configurable free RADIUS server.
Description :
The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many more features than Cistron or Livingston, and is much more configurable.
---------------------------------------------------------------------
Update Information:
Updated freeradius packages that fix a number of denial of service vulnerabilities as well as minor bugs are now available.
FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.
A number of flaws were found in FreeRADIUS versions prior to 1.0.1. An attacker who is able to send packets to the server could craft them in such a way as to cause the server to consume memory or crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0938, CAN-2004-0960, and CAN-2004-0961 to these issues.
Please note that the pam config file included in these packages was renamed to /etc/pam.d/radiusd.
Users of FreeRADIUS should update to these erratum packages that contain FreeRADIUS 1.0.1, which is not vulnerable to these issues and also corrects a number of bugs.
---------------------------------------------------------------------
Changelogs
fc1:
* Sun Dec 05 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.0.1-0.FC1.5.legacy
- Marked /etc/raddb/dictionary as a config file
- Changed path references to rpm macros
* Sun Dec 05 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.0.1-0.FC1.4.legacy
- Fixed install problem of radeapclient (RH #138069)
* Mon Nov 29 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1.0.1-0.FC1.3.legacy
- rebuild for FC1
- fixes FL #2187
- NB: pam file is renamed
* Thu Oct 28 2004 Thomas Woerner <twoerner@xxxxxxxxxx> 1.0.1-0.FC2
- new version 1.0.1: fixes (#137424) CAN-2004-0938 Freeradius < 1.0.1 DoS and remote crash (CAN-2004-0960, CAN-2004-0961)
- applied radrelay CVS patch from Kevin Bonner
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
fc1:
83a5b013fac1aaa3caee75ea97dadb9ead68ca6c fedora/1/updates-testing/i386/freeradius-1.0.1-0.FC1.5.legacy.i386.rpm
6b9dfc73490b32784112f0f6f0cde1d87f1812f7 fedora/1/updates-testing/i386/freeradius-mysql-1.0.1-0.FC1.5.legacy.i386.rpm
58b1e0975443a435c982b394f775337a8eedde9a fedora/1/updates-testing/i386/freeradius-postgresql-1.0.1-0.FC1.5.legacy.i386.rpm
94b816b7da430f359401dade849820c962b5ad98 fedora/1/updates-testing/i386/freeradius-unixODBC-1.0.1-0.FC1.5.legacy.i386.rpm
c26c9fe20f721946bbcf7723b654ce72d1fd587f fedora/1/updates-testing/SRPMS/freeradius-1.0.1-0.FC1.5.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.