edora Update Notification
FEDORA-2004-076
2004-02-16
---------------------------------------------------------------------

Name        : freeradius
Version     : 0.9.3
Release     : 1.1
Summary     : High-performance and highly configurable free RADIUS server.
Description :
The FreeRADIUS Server Project is a high performance and highly configurable
GPL'd free RADIUS server. The server is similar in some respects to
Livingston's 2.0 server.  While FreeRADIUS started as a variant of the
Cistron RADIUS server, they don't share a lot in common any more. It now has
many more features than Cistron or Livingston, and is much more configurable.

FreeRADIUS is an Internet authentication daemon, which implements the RADIUS
protocol, as defined in RFC 2865 (and others). It allows Network Access
Servers (NAS boxes) to perform authentication for dial-up users. There are
also RADIUS clients available for Web servers, firewalls, Unix logins, and
more.  Using RADIUS allows authentication and authorization for a network to
be centralized, and minimizes the amount of re-configuration which has to be
done when adding or deleting new users.

---------------------------------------------------------------------

This version corrects a flaw in 0.9.2 (and all earlier versions of the
server) which may allow an attacker to DoS the server.
The bug does not look to be easily exploitable, as it overwrites the heap
(not the stack), and any exploit code must be in the form of a valid RADIUS
packet.

---------------------------------------------------------------------
This update can be downloaded from:
    

45682e5adaf0d649c3f4c30a4b7cb1af  SRPMS/freeradius-0.9.3-1.1.src.rpm
9642e1db1cf8955d4fc24040b73f3506  i386/freeradius-0.9.3-1.1.i386.rpm
55d0a73f2a1da031d8b3ad0775fb2512  i386/debug/freeradius-debuginfo-0.9.3-1.1.i386.rpm
421c75806a8e7e296c95ac831bccbb9d  i386/freeradius-mysql-0.9.3-1.1.i386.rpm
4c5f4346bbb56bb2c09fe31183c0af6a  i386/freeradius-postgresql-0.9.3-1.1.i386.rpm
7eed2b5cd2bbea4ec1064be038584caf  i386/freeradius-unixODBC-0.9.3-1.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: freeradius Denial of service vulnerability

February 18, 2004
This version corrects a flaw in 0.9.2 (and all earlier versions of the server) which may allow an attacker to DoS the server.

Summary

The FreeRADIUS Server Project is a high performance and highly configurable

GPL'd free RADIUS server. The server is similar in some respects to

Livingston's 2.0 server. While FreeRADIUS started as a variant of the

Cistron RADIUS server, they don't share a lot in common any more. It now has

many more features than Cistron or Livingston, and is much more configurable.

FreeRADIUS is an Internet authentication daemon, which implements the RADIUS

protocol, as defined in RFC 2865 (and others). It allows Network Access

Servers (NAS boxes) to perform authentication for dial-up users. There are

also RADIUS clients available for Web servers, firewalls, Unix logins, and

more. Using RADIUS allows authentication and authorization for a network to

be centralized, and minimizes the amount of re-configuration which has to be

done when adding or deleting new users.

This version corrects a flaw in 0.9.2 (and all earlier versions of the

server) which may allow an attacker to DoS the server.

The bug does not look to be easily exploitable, as it overwrites the heap

(not the stack), and any exploit code must be in the form of a valid RADIUS

packet.

This update can be downloaded from:

45682e5adaf0d649c3f4c30a4b7cb1af SRPMS/freeradius-0.9.3-1.1.src.rpm

9642e1db1cf8955d4fc24040b73f3506 i386/freeradius-0.9.3-1.1.i386.rpm

55d0a73f2a1da031d8b3ad0775fb2512 i386/debug/freeradius-debuginfo-0.9.3-1.1.i386.rpm

421c75806a8e7e296c95ac831bccbb9d i386/freeradius-mysql-0.9.3-1.1.i386.rpm

4c5f4346bbb56bb2c09fe31183c0af6a i386/freeradius-postgresql-0.9.3-1.1.i386.rpm

7eed2b5cd2bbea4ec1064be038584caf i386/freeradius-unixODBC-0.9.3-1.1.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

--

fedora-announce-list mailing list

fedora-announce-list@redhat.com

fedora-announce-list Info Page

Change Log

References

Update Instructions

Severity
Name : freeradius
Version : 0.9.3
Release : 1.1
Summary : High-performance and highly configurable free RADIUS server.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved