Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 620102 - net-dialup/freeradius-3.0.14: version with fixed CVE-2017-9148
Summary: net-dialup/freeradius-3.0.14: version with fixed CVE-2017-9148
Status: RESOLVED DUPLICATE of bug 620186
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2017-05-29 10:46 UTC by Martin Samek
Modified: 2017-05-30 11:00 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Martin Samek 2017-05-29 10:46:27 UTC
There is a new release of the freeradius 3 packages with fix for CVE-2017-9148 (not published yet) vulnerability.

Reproducible: Always

Steps to Reproduce:
1. freeradius < 3.0.14 is vulnerable against CVE-2017-9148
Actual Results:  
This vulnerability can be used by attacker to gain access to the network.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-30 11:00:33 UTC
Thanks for the report. Looks like ago missed that bug. We will use bug 620186 to track this vulnerability now (has already set alias...).

*** This bug has been marked as a duplicate of bug 620186 ***