620102 – net-dialup/freeradius-3.0.14: version with fixed CVE-2017-9148

Bug 620102 - net-dialup/freeradius-3.0.14: version with fixed CVE-2017-9148

Summary: net-dialup/freeradius-3.0.14: version with fixed CVE-2017-9148

Status:	RESOLVED DUPLICATE of bug 620186

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://freeradius.org/security.html
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-05-29 10:46 UTC by Martin Samek
Modified:	2017-05-30 11:00 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Samek 2017-05-29 10:46:27 UTC

There is a new release of the freeradius 3 packages with fix for CVE-2017-9148 (not published yet) vulnerability.


Reproducible: Always

Steps to Reproduce:
1. freeradius < 3.0.14 is vulnerable against CVE-2017-9148
2.
3.
Actual Results:  
This vulnerability can be used by attacker to gain access to the network.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-05-30 11:00:33 UTC

Thanks for the report. Looks like ago missed that bug. We will use bug 620186 to track this vulnerability now (has already set alias...).

*** This bug has been marked as a duplicate of bug 620186 ***