CVE-2019-13456 (https://nvd.nist.gov/vuln/detail/CVE-2019-13456): A flaw was found in the implementation of EAP-pwd in FreeRADIUS. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks.
Upstream patch: https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cc4267b345ed2589ecda8b7a35a0f68bff19bf8 commit 2cc4267b345ed2589ecda8b7a35a0f68bff19bf8 Author: Daniele Rondina <geaaru@gmail.com> AuthorDate: 2020-02-09 09:34:19 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2020-02-11 19:13:13 +0000 net-dialup/freeradius: Bump v.3.0.20 Bug: https://bugs.gentoo.org/701822 Closes: https://bugs.gentoo.org/696458 Closes: https://bugs.gentoo.org/708970 Closes: https://github.com/gentoo/gentoo/pull/14488 Signed-off-by: Daniele Rondina <geaaru@gmail.com> Signed-off-by: Matt Turner <mattst88@gentoo.org> net-dialup/freeradius/Manifest | 1 + .../files/freeradius-3.0.20-py3-fixes.patch | 472 +++++++++++++++++++++ .../files/freeradius-3.0.20-systemd-service.patch | 57 +++ net-dialup/freeradius/freeradius-3.0.20.ebuild | 267 ++++++++++++ net-dialup/freeradius/metadata.xml | 3 + 5 files changed, 800 insertions(+)
(In reply to Thomas Deutschmann from comment #1) > Upstream patch: > https://github.com/FreeRADIUS/freeradius-server/commit/ > 3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa This patch is in v3.0.20, now in tree.
@maintainer(s), please cleanup
CVE-2019-17185 (https://nvd.nist.gov/vuln/detail/CVE-2019-17185): In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
Cleanup done. See bug 685840.
GLSA Vote: No Thank you all for you work. Closing as [noglsa].