Summary: | <net-dialup/freeradius-3.0.15: multiple DoS vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | maintainer-needed |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://freeradius.org/security/fuzzer-2017.html | ||
See Also: | https://github.com/gentoo/gentoo/pull/6206 https://github.com/gentoo/gentoo/pull/7028 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | net-dialup/freeradius-3.0.15 | ||
Runtime testing required: | --- |
Description
Christopher Díaz Riveros (RETIRED)
2017-07-17 14:00:30 UTC
From URL:

In June 2017, Guido Vranken found a number of issues with OpenVPN. One issue was a slow memory leak due to mis-use of the OpenSSL API. He contacted us to say that FreeRADIUS had the same issue as OpenVPN. We fixed that issue immediately in the v2.x.x branch, and also fixed it in the v3.0.x branch, and the v4.0.x branch. The v3.1.x branch is unsupported, and has been deleted. Similarly, we do not discuss the v0 or v1 releases, as those are end of life and unsupported.

Isn't this solved stabilizing 3.0.15? I think that version fixes this

B2 because there are some write issues.

(In reply to Agostino Sarubbo from comment #3)
> B2 because there are some write issues.

Did you actually read the CVEs?

amd64 stable

x86 stable

Last arch.

@ Maintainer(s): Please cleanup and drop =net-dialup/freeradius-3.0.14!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab4cddf3a9a969fac7236dff8e61f4c4b05eb36e

commit ab4cddf3a9a969fac7236dff8e61f4c4b05eb36e
Author: Michael Palimaka <kensington@gentoo.org>
AuthorDate: 2017-11-15 12:06:41 +0000
Commit: Michael Palimaka <kensington@gentoo.org>
CommitDate: 2017-11-15 12:06:50 +0000

    net-dialup/freeradius: remove vulnerable 3.0.14

    Bug: https://bugs.gentoo.org/625410
    Package-Manager: Portage-2.3.8, Repoman-2.3.4

 net-dialup/freeradius/Manifest | 1 -
 net-dialup/freeradius/freeradius-3.0.14.ebuild | 225 -------------------------
 2 files changed, 226 deletions(-)}

GLSA Vote: No

Thank you all.