Red Hat 9037 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: freeradius security update
Advisory ID: RHSA-2007:0338-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0338.html
Issue date: 2007-05-10
Updated on: 2007-05-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-2028
- ---------------------------------------------------------------------

1. Summary:

Updated freeradius packages that fix a memory leak flaw are now available
for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory leading to a possible denial
of service. (CVE-2007-2028)

Users of FreeRADIUS should update to these erratum packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

236247 - CVE-2007-2028 Freeradius EAP-TTLS denial of service

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/freeradius-1.0.1-2.RHEL3.4.src.rpm
16acced531f2fc7bcd657ebebb0a7043 freeradius-1.0.1-2.RHEL3.4.src.rpm

i386:
2ade68c6730b5308713169a67af07dbe freeradius-1.0.1-2.RHEL3.4.i386.rpm
4383a7f497e1c59b4f74803feddc96eb freeradius-debuginfo-1.0.1-2.RHEL3.4.i386.rpm

ia64:
2a3c95dfe1cf4465ff42a95cad14dd83 freeradius-1.0.1-2.RHEL3.4.ia64.rpm
b632cef5e4a2faf5436033b02ac2386d freeradius-debuginfo-1.0.1-2.RHEL3.4.ia64.rpm

ppc:
99bab7aa40fd511def9c1775afacd35f freeradius-1.0.1-2.RHEL3.4.ppc.rpm
c4ecb88c4063e32ec4e0744f26b39995 freeradius-debuginfo-1.0.1-2.RHEL3.4.ppc.rpm

s390:
dba0099b77ed297672f16f55de9f2384 freeradius-1.0.1-2.RHEL3.4.s390.rpm
aefb226740fc87b4c8f339ec156420db freeradius-debuginfo-1.0.1-2.RHEL3.4.s390.rpm

s390x:
eefed63a1a167c2956465a2d2d61d357 freeradius-1.0.1-2.RHEL3.4.s390x.rpm
7503ff812bd61177a8b2380d157e86d9 freeradius-debuginfo-1.0.1-2.RHEL3.4.s390x.rpm

x86_64:
e4a9e393990d34ff09956b3ac5f5bec2 freeradius-1.0.1-2.RHEL3.4.x86_64.rpm
13bfef00f8b94c8b749ab837e550d759 freeradius-debuginfo-1.0.1-2.RHEL3.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/freeradius-1.0.1-2.RHEL3.4.src.rpm
16acced531f2fc7bcd657ebebb0a7043 freeradius-1.0.1-2.RHEL3.4.src.rpm

i386:
2ade68c6730b5308713169a67af07dbe freeradius-1.0.1-2.RHEL3.4.i386.rpm
4383a7f497e1c59b4f74803feddc96eb freeradius-debuginfo-1.0.1-2.RHEL3.4.i386.rpm

ia64:
2a3c95dfe1cf4465ff42a95cad14dd83 freeradius-1.0.1-2.RHEL3.4.ia64.rpm
b632cef5e4a2faf5436033b02ac2386d freeradius-debuginfo-1.0.1-2.RHEL3.4.ia64.rpm

x86_64:
e4a9e393990d34ff09956b3ac5f5bec2 freeradius-1.0.1-2.RHEL3.4.x86_64.rpm
13bfef00f8b94c8b749ab837e550d759 freeradius-debuginfo-1.0.1-2.RHEL3.4.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freeradius-1.0.1-3.RHEL4.5.src.rpm
341e6a10536266d2f486e259fd53ff52 freeradius-1.0.1-3.RHEL4.5.src.rpm

i386:
d7fc6d5adf3079eafd2e184a55669907 freeradius-1.0.1-3.RHEL4.5.i386.rpm
2f925855363b10735d5307811d73590d freeradius-debuginfo-1.0.1-3.RHEL4.5.i386.rpm
2e578dd77c42f01523309f22ed89055a freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm
96adb0a1539991fcbedafdd3c5e717ba freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm
6452ae9ee4a3b1d916767133183efd38 freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm

ia64:
92535ef1b3ac52a97de75ca8b3b02cf9 freeradius-1.0.1-3.RHEL4.5.ia64.rpm
9bf86dc71ede4397c36abd9c5b2ba31f freeradius-debuginfo-1.0.1-3.RHEL4.5.ia64.rpm
27aeadbd8bc2fba3686388e8f943657d freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm
ba11993378ae4ba62c5453be45a81a08 freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm
7dbee683999da2946ba74fcde3e3dad6 freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm

ppc:
f6199d7e8a2709aed1ddbfb0b998193c freeradius-1.0.1-3.RHEL4.5.ppc.rpm
d9a0fef3a2e01106ec666ea22ba35e61 freeradius-debuginfo-1.0.1-3.RHEL4.5.ppc.rpm
24b516e8c8d8c7b8c4c82f36594f535a freeradius-mysql-1.0.1-3.RHEL4.5.ppc.rpm
69b795f0ba24fb5742af5b287982020c freeradius-postgresql-1.0.1-3.RHEL4.5.ppc.rpm
2dcbfdd14f673e535e88dc734292184c freeradius-unixODBC-1.0.1-3.RHEL4.5.ppc.rpm

s390:
9e9d4b08f22af5f51707330015f37315 freeradius-1.0.1-3.RHEL4.5.s390.rpm
dc2af5dc7c47970eed5fb497d09d28dd freeradius-debuginfo-1.0.1-3.RHEL4.5.s390.rpm
288da7a5dfc7129000efeeec4f5d8835 freeradius-mysql-1.0.1-3.RHEL4.5.s390.rpm
ba86f2ac7ac7ee2624932dd1658abdf1 freeradius-postgresql-1.0.1-3.RHEL4.5.s390.rpm
e345fdeb5bfe1683c200d0788c933854 freeradius-unixODBC-1.0.1-3.RHEL4.5.s390.rpm

s390x:
0522321a2c7664c2dce0ff4ec1675643 freeradius-1.0.1-3.RHEL4.5.s390x.rpm
b736945cbd4790f2efd4943270f2d9f5 freeradius-debuginfo-1.0.1-3.RHEL4.5.s390x.rpm
98afc32b8070ecbe9203ae5629bb2311 freeradius-mysql-1.0.1-3.RHEL4.5.s390x.rpm
c3270337b10283220d90424785393514 freeradius-postgresql-1.0.1-3.RHEL4.5.s390x.rpm
3701a89bd7317bd29dcaf214b810583b freeradius-unixODBC-1.0.1-3.RHEL4.5.s390x.rpm

x86_64:
e23e49fbdd33e367a9a85adb5b49d296 freeradius-1.0.1-3.RHEL4.5.x86_64.rpm
43b61e0fbbb613621be589d6707dc155 freeradius-debuginfo-1.0.1-3.RHEL4.5.x86_64.rpm
4eef099fa257b8e890672a07a7f6495e freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm
302ec92e91a8354b863d702c8446db2d freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm
ed2b2e5d08e426d42e1a7c58aec1908d freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freeradius-1.0.1-3.RHEL4.5.src.rpm
341e6a10536266d2f486e259fd53ff52 freeradius-1.0.1-3.RHEL4.5.src.rpm

i386:
d7fc6d5adf3079eafd2e184a55669907 freeradius-1.0.1-3.RHEL4.5.i386.rpm
2f925855363b10735d5307811d73590d freeradius-debuginfo-1.0.1-3.RHEL4.5.i386.rpm
2e578dd77c42f01523309f22ed89055a freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm
96adb0a1539991fcbedafdd3c5e717ba freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm
6452ae9ee4a3b1d916767133183efd38 freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm

ia64:
92535ef1b3ac52a97de75ca8b3b02cf9 freeradius-1.0.1-3.RHEL4.5.ia64.rpm
9bf86dc71ede4397c36abd9c5b2ba31f freeradius-debuginfo-1.0.1-3.RHEL4.5.ia64.rpm
27aeadbd8bc2fba3686388e8f943657d freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm
ba11993378ae4ba62c5453be45a81a08 freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm
7dbee683999da2946ba74fcde3e3dad6 freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm

x86_64:
e23e49fbdd33e367a9a85adb5b49d296 freeradius-1.0.1-3.RHEL4.5.x86_64.rpm
43b61e0fbbb613621be589d6707dc155 freeradius-debuginfo-1.0.1-3.RHEL4.5.x86_64.rpm
4eef099fa257b8e890672a07a7f6495e freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm
302ec92e91a8354b863d702c8446db2d freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm
ed2b2e5d08e426d42e1a7c58aec1908d freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freeradius-1.1.3-1.2.el5.src.rpm
421aeb33b108c165188ca18b1cc71506 freeradius-1.1.3-1.2.el5.src.rpm

i386:
b75c3b2ad29a1481d5cea1a66a4c4ee5 freeradius-1.1.3-1.2.el5.i386.rpm
e472e7a8e0de834ad59044839f351dec freeradius-debuginfo-1.1.3-1.2.el5.i386.rpm
53931b60c8925645523643d9a39b702b freeradius-mysql-1.1.3-1.2.el5.i386.rpm
2ef7d86d56706ca546c84953dd893cc1 freeradius-postgresql-1.1.3-1.2.el5.i386.rpm
5a85ae9a32584d17fef3405bef2c0945 freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm

x86_64:
3c04dd84b8061d0955888ef4267a8584 freeradius-1.1.3-1.2.el5.x86_64.rpm
ccb9c3a59516e0718831558a93000d83 freeradius-debuginfo-1.1.3-1.2.el5.x86_64.rpm
dd22b0a03b483cda08dc8f2ce0061bec freeradius-mysql-1.1.3-1.2.el5.x86_64.rpm
6ecf4c4becc6e83991635b4c3edc8fe1 freeradius-postgresql-1.1.3-1.2.el5.x86_64.rpm
c47b1e5d022d77942956b92eee3774e8 freeradius-unixODBC-1.1.3-1.2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freeradius-1.1.3-1.2.el5.src.rpm
421aeb33b108c165188ca18b1cc71506 freeradius-1.1.3-1.2.el5.src.rpm

i386:
b75c3b2ad29a1481d5cea1a66a4c4ee5 freeradius-1.1.3-1.2.el5.i386.rpm
e472e7a8e0de834ad59044839f351dec freeradius-debuginfo-1.1.3-1.2.el5.i386.rpm
53931b60c8925645523643d9a39b702b freeradius-mysql-1.1.3-1.2.el5.i386.rpm
2ef7d86d56706ca546c84953dd893cc1 freeradius-postgresql-1.1.3-1.2.el5.i386.rpm
5a85ae9a32584d17fef3405bef2c0945 freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm

ia64:
50548f886a00244fed8986f57c568ebc freeradius-1.1.3-1.2.el5.ia64.rpm
6372d3298e0539742e5241209fcf0200 freeradius-debuginfo-1.1.3-1.2.el5.ia64.rpm
c8d3bbddd86aef908d638ece8bc49378 freeradius-mysql-1.1.3-1.2.el5.ia64.rpm
0b72285429d508c3669f80fd1b6d4643 freeradius-postgresql-1.1.3-1.2.el5.ia64.rpm
437eef951896015daa236a4e340bdf30 freeradius-unixODBC-1.1.3-1.2.el5.ia64.rpm

ppc:
bfb6e97c4d24539588e2c385b722ddb6 freeradius-1.1.3-1.2.el5.ppc.rpm
434f3f297ada25d60b74a2c15a189772 freeradius-debuginfo-1.1.3-1.2.el5.ppc.rpm
8c92229b5a043df028a4a97ca6e20467 freeradius-mysql-1.1.3-1.2.el5.ppc.rpm
c2b82de68150f7c33ac7e6b3d9e0b369 freeradius-postgresql-1.1.3-1.2.el5.ppc.rpm
c0eaf20c1d623d6511ec0717b586fd2c freeradius-unixODBC-1.1.3-1.2.el5.ppc.rpm

s390x:
62fd5a26b3aacbaa4427de2f912350a0 freeradius-1.1.3-1.2.el5.s390x.rpm
c607ad59e91c3e0f125e5eadc810d8e5 freeradius-debuginfo-1.1.3-1.2.el5.s390x.rpm
600d776c8f97916f800312b90bb66006 freeradius-mysql-1.1.3-1.2.el5.s390x.rpm
7049a56d35bb367c345a88be3b79136a freeradius-postgresql-1.1.3-1.2.el5.s390x.rpm
87060d5f35e2f37965759280dc47ee50 freeradius-unixODBC-1.1.3-1.2.el5.s390x.rpm

x86_64:
3c04dd84b8061d0955888ef4267a8584 freeradius-1.1.3-1.2.el5.x86_64.rpm
ccb9c3a59516e0718831558a93000d83 freeradius-debuginfo-1.1.3-1.2.el5.x86_64.rpm
dd22b0a03b483cda08dc8f2ce0061bec freeradius-mysql-1.1.3-1.2.el5.x86_64.rpm
6ecf4c4becc6e83991635b4c3edc8fe1 freeradius-postgresql-1.1.3-1.2.el5.x86_64.rpm
c47b1e5d022d77942956b92eee3774e8 freeradius-unixODBC-1.1.3-1.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2028
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGQ0J9XlSAg2UNWIIRAl+kAJ9rFXg7abGqc2Zkn3NMmraSoDUexACfUXwW
fnEAi+u+1Re9auKUty0+LGM=
=2H5f
-----END PGP SIGNATURE-----