Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 620102

Summary: net-dialup/freeradius-3.0.14: version with fixed CVE-2017-9148
Product: Gentoo Linux Reporter: Martin Samek <mr>
Component: Current packagesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: jstein, maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://freeradius.org/security.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Martin Samek 2017-05-29 10:46:27 UTC 
There is a new release of the freeradius 3 packages with fix for CVE-2017-9148 (not published yet) vulnerability.


Reproducible: Always

Steps to Reproduce:
1. freeradius < 3.0.14 is vulnerable against CVE-2017-9148
2.
3.
Actual Results:  
This vulnerability can be used by attacker to gain access to the network.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-30 11:00:33 UTC 
Thanks for the report. Looks like ago missed that bug. We will use bug 620186 to track this vulnerability now (has already set alias...).

*** This bug has been marked as a duplicate of bug 620186 ***