Headline
Ubuntu Security Notice USN-7055-1
Ubuntu Security Notice 7055-1 - Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses, bypass authentication, and access network devices and services. This update introduces new configuration options called “limit_proxy_state” and “require_message_authenticator” that default to “auto” but should be set to “yes” once all RADIUS devices have been upgraded on a network.
==========================================================================Ubuntu Security Notice USN-7055-1October 03, 2024freeradius vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:A system authentication measure could be bypassed.Software Description:- freeradius: high-performance and highly configurable RADIUS serverDetails:Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, MarcStevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticatedcertain responses. An attacker able to intercept communications between aRADIUS client and server could possibly use this issue to forge responses,bypass authentication, and access network devices and services.This update introduces new configuration options called "limit_proxy_state"and "require_message_authenticator" that default to "auto" but should beset to "yes" once all RADIUS devices have been upgraded on a network.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS freeradius 3.2.5+dfsg-3~ubuntu24.04.1Ubuntu 22.04 LTS freeradius 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3Ubuntu 20.04 LTS freeradius 3.0.20+dfsg-3ubuntu0.4In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-7055-1 CVE-2024-3596Package Information: https://launchpad.net/ubuntu/+source/freeradius/3.2.5+dfsg-3~ubuntu24.04.1https://launchpad.net/ubuntu/+source/freeradius/3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3 https://launchpad.net/ubuntu/+source/freeradius/3.0.20+dfsg-3ubuntu0.4Related news
Red Hat Security Advisory 2024-8577-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-8461-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-4936-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-4935-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-4913-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Security Advisory 2024-4912-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-4911-03 - An update for freeradius is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Security Advisory 2024-4829-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-4828-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-4826-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser