UbuntuUpdates.org

Package "freeradius"

Name: freeradius

Description:

high-performance and highly configurable RADIUS server

Latest version: 3.0.16+dfsg-3ubuntu1.1
Release: cosmic (18.10)
Level: updates
Repository: main
Homepage: http://www.freeradius.org/

Links

Save this URL for the latest version of "freeradius": https://www.ubuntuupdates.org/freeradius


Download "freeradius"


Other versions of "freeradius" in Cosmic

Repository Area Version
base main 3.0.16+dfsg-3ubuntu1
base universe 3.0.16+dfsg-3ubuntu1
security universe 3.0.16+dfsg-3ubuntu1.1
security main 3.0.16+dfsg-3ubuntu1.1
updates universe 3.0.16+dfsg-3ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.0.16+dfsg-3ubuntu1.1 2019-04-24 14:07:13 UTC

  freeradius (3.0.16+dfsg-3ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: Bypass authentication
    - debian/patches/CVE-2019-11234-and-2019-11235-*.patch: fix
      by assuring the received scalar lies within the valid
      range, and by checking that the received element is not the
      point at infinity and lies on the elliptic curve being used
      in src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c.
    - CVE-2019-11234
    - CVE-2019-11235

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Apr 2019 10:17:33 -0300

CVE-2019-11234 FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
CVE-2019-11235 FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is



About   -   Send Feedback to @ubuntu_updates