Mageia 2022-0482: freeradius security update
Summary
Information leakage in EAP-PWD. (CVE-2022-41859)
Crash on unknown option in EAP-SIM. (CVE-2022-41860)
Crash on invalid abinary data. (CVE-2022-41861)
References
- https://bugs.mageia.org/show_bug.cgi?id=31291
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GZM4O5MGLKNOE2SSXAXQNL5DSII556QA/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGQKLVAIGSOB2CSLQ2ASBK2MJAHL4LCI/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41859
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41860
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41861
Resolution
MGASA-2022-0482 - Updated freeradius packages fix security vulnerability
SRPMS
- 8/core/freeradius-3.0.22-1.1.mga8