Headline
RHSA-2023:2166: Red Hat Security Advisory: freeradius security and bug fix update
An update for freeradius is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41859: In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
- CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
- CVE-2022-41861: A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
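The missing failure check described for CVE-2022-41860, shown as an added illustration that is not FreeRADIUS source code: a hypothetical option parser with the unchecked dictionary lookup beside a version that rejects unknown options. The names dict_lookup, parse_unchecked and parse_checked and the sample byte strings are assumptions made for this example; the attribute layout (one type byte, one length byte counted in 4-byte units) and the type numbers follow RFC 4186.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical dictionary; type numbers follow RFC 4186. */
typedef struct { uint8_t type; const char *name; } dict_attr_t;
static const dict_attr_t dict[] = {
    { 1, "AT_RAND" }, { 7, "AT_NONCE_MT" }, { 11, "AT_MAC" },
};

/* Returns NULL when the option type is not in the dictionary. */
static const dict_attr_t *dict_lookup(uint8_t type)
{
    for (size_t i = 0; i < sizeof(dict) / sizeof(dict[0]); i++)
        if (dict[i].type == type) return &dict[i];
    return NULL;
}

/* Flawed pattern: the lookup result is used without checking for NULL. */
static int parse_unchecked(const uint8_t *p, size_t len)
{
    int n = 0;
    while (len >= 2) {
        size_t alen = (size_t)p[1] * 4;      /* length is in 4-byte units */
        if (alen == 0 || alen > len) return -1;
        const dict_attr_t *da = dict_lookup(p[0]);
        printf("unchecked: %s\n", da->name); /* NULL dereference on unknown type */
        p += alen; len -= alen; n++;
    }
    return n;
}

/* Hardened pattern: a failed lookup rejects the packet. */
static int parse_checked(const uint8_t *p, size_t len)
{
    int n = 0;
    while (len >= 2) {
        size_t alen = (size_t)p[1] * 4;
        if (alen == 0 || alen > len) return -1;  /* malformed length */
        const dict_attr_t *da = dict_lookup(p[0]);
        if (da == NULL) return -2;               /* unknown option */
        printf("checked: %s\n", da->name);
        p += alen; len -= alen; n++;
    }
    return len == 0 ? n : -1;                    /* stray trailing byte */
}

/* Constructed sample inputs (lengths are illustrative, not real packets). */
static const uint8_t known[]     = { 1, 1, 0, 0,  7, 2, 0, 0, 0, 0, 0, 0 };
static const uint8_t unknown[]   = { 1, 1, 0, 0,  200, 1, 0, 0 };
static const uint8_t truncated[] = { 1, 3, 0, 0 };

int main(void)
{
    printf("%d %d %d\n", parse_checked(known, sizeof known),
           parse_checked(unknown, sizeof unknown),
           parse_checked(truncated, sizeof truncated));
    return parse_unchecked(known, sizeof known) == 2 ? 0 : 1;
}
```

The unchecked parser is only ever called on the well-formed sample here; the checked parser returns a distinct error code for an unknown option and for a bad length, so the two rejection paths can be logged separately.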
Synopsis
Moderate: freeradius security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for freeradius is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.
Security Fix(es):
- freeradius: Information leakage in EAP-PWD (CVE-2022-41859)
- freeradius: Crash on unknown option in EAP-SIM (CVE-2022-41860)
- freeradius: Crash on invalid abinary data (CVE-2022-41861)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2078483 - CVE-2022-41859 freeradius: Information leakage in EAP-PWD
- BZ - 2078485 - CVE-2022-41860 freeradius: Crash on unknown option in EAP-SIM
- BZ - 2078487 - CVE-2022-41861 freeradius: Crash on invalid abinary data
- BZ - 2126380 - Add dropped packages to RHEL9 CRB repository
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
freeradius-3.0.21-37.el9.src.rpm
x86_64
freeradius-3.0.21-37.el9.x86_64.rpm
freeradius-debuginfo-3.0.21-37.el9.x86_64.rpm
freeradius-debugsource-3.0.21-37.el9.x86_64.rpm
freeradius-devel-3.0.21-37.el9.x86_64.rpm
freeradius-doc-3.0.21-37.el9.x86_64.rpm
freeradius-krb5-3.0.21-37.el9.x86_64.rpm
freeradius-krb5-debuginfo-3.0.21-37.el9.x86_64.rpm
freeradius-ldap-3.0.21-37.el9.x86_64.rpm
freeradius-ldap-debuginfo-3.0.21-37.el9.x86_64.rpm
freeradius-utils-3.0.21-37.el9.x86_64.rpm
freeradius-utils-debuginfo-3.0.21-37.el9.x86_64.rpm
python3-freeradius-3.0.21-37.el9.x86_64.rpm
python3-freeradius-debuginfo-3.0.21-37.el9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
freeradius-3.0.21-37.el9.src.rpm
s390x
freeradius-3.0.21-37.el9.s390x.rpm
freeradius-debuginfo-3.0.21-37.el9.s390x.rpm
freeradius-debugsource-3.0.21-37.el9.s390x.rpm
freeradius-devel-3.0.21-37.el9.s390x.rpm
freeradius-doc-3.0.21-37.el9.s390x.rpm
freeradius-krb5-3.0.21-37.el9.s390x.rpm
freeradius-krb5-debuginfo-3.0.21-37.el9.s390x.rpm
freeradius-ldap-3.0.21-37.el9.s390x.rpm
freeradius-ldap-debuginfo-3.0.21-37.el9.s390x.rpm
freeradius-utils-3.0.21-37.el9.s390x.rpm
freeradius-utils-debuginfo-3.0.21-37.el9.s390x.rpm
python3-freeradius-3.0.21-37.el9.s390x.rpm
python3-freeradius-debuginfo-3.0.21-37.el9.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
freeradius-3.0.21-37.el9.src.rpm
ppc64le
freeradius-3.0.21-37.el9.ppc64le.rpm
freeradius-debuginfo-3.0.21-37.el9.ppc64le.rpm
freeradius-debugsource-3.0.21-37.el9.ppc64le.rpm
freeradius-devel-3.0.21-37.el9.ppc64le.rpm
freeradius-doc-3.0.21-37.el9.ppc64le.rpm
freeradius-krb5-3.0.21-37.el9.ppc64le.rpm
freeradius-krb5-debuginfo-3.0.21-37.el9.ppc64le.rpm
freeradius-ldap-3.0.21-37.el9.ppc64le.rpm
freeradius-ldap-debuginfo-3.0.21-37.el9.ppc64le.rpm
freeradius-utils-3.0.21-37.el9.ppc64le.rpm
freeradius-utils-debuginfo-3.0.21-37.el9.ppc64le.rpm
python3-freeradius-3.0.21-37.el9.ppc64le.rpm
python3-freeradius-debuginfo-3.0.21-37.el9.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
freeradius-3.0.21-37.el9.src.rpm
aarch64
freeradius-3.0.21-37.el9.aarch64.rpm
freeradius-debuginfo-3.0.21-37.el9.aarch64.rpm
freeradius-debugsource-3.0.21-37.el9.aarch64.rpm
freeradius-devel-3.0.21-37.el9.aarch64.rpm
freeradius-doc-3.0.21-37.el9.aarch64.rpm
freeradius-krb5-3.0.21-37.el9.aarch64.rpm
freeradius-krb5-debuginfo-3.0.21-37.el9.aarch64.rpm
freeradius-ldap-3.0.21-37.el9.aarch64.rpm
freeradius-ldap-debuginfo-3.0.21-37.el9.aarch64.rpm
freeradius-utils-3.0.21-37.el9.aarch64.rpm
freeradius-utils-debuginfo-3.0.21-37.el9.aarch64.rpm
python3-freeradius-3.0.21-37.el9.aarch64.rpm
python3-freeradius-debuginfo-3.0.21-37.el9.aarch64.rpm
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
freeradius-mysql-3.0.21-37.el9.x86_64.rpm
freeradius-mysql-debuginfo-3.0.21-37.el9.x86_64.rpm
freeradius-perl-3.0.21-37.el9.x86_64.rpm
freeradius-perl-debuginfo-3.0.21-37.el9.x86_64.rpm
freeradius-postgresql-3.0.21-37.el9.x86_64.rpm
freeradius-postgresql-debuginfo-3.0.21-37.el9.x86_64.rpm
freeradius-rest-3.0.21-37.el9.x86_64.rpm
freeradius-rest-debuginfo-3.0.21-37.el9.x86_64.rpm
freeradius-sqlite-3.0.21-37.el9.x86_64.rpm
freeradius-sqlite-debuginfo-3.0.21-37.el9.x86_64.rpm
freeradius-unixODBC-3.0.21-37.el9.x86_64.rpm
freeradius-unixODBC-debuginfo-3.0.21-37.el9.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
freeradius-mysql-3.0.21-37.el9.ppc64le.rpm
freeradius-mysql-debuginfo-3.0.21-37.el9.ppc64le.rpm
freeradius-perl-3.0.21-37.el9.ppc64le.rpm
freeradius-perl-debuginfo-3.0.21-37.el9.ppc64le.rpm
freeradius-postgresql-3.0.21-37.el9.ppc64le.rpm
freeradius-postgresql-debuginfo-3.0.21-37.el9.ppc64le.rpm
freeradius-rest-3.0.21-37.el9.ppc64le.rpm
freeradius-rest-debuginfo-3.0.21-37.el9.ppc64le.rpm
freeradius-sqlite-3.0.21-37.el9.ppc64le.rpm
freeradius-sqlite-debuginfo-3.0.21-37.el9.ppc64le.rpm
freeradius-unixODBC-3.0.21-37.el9.ppc64le.rpm
freeradius-unixODBC-debuginfo-3.0.21-37.el9.ppc64le.rpm
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
freeradius-mysql-3.0.21-37.el9.aarch64.rpm
freeradius-mysql-debuginfo-3.0.21-37.el9.aarch64.rpm
freeradius-perl-3.0.21-37.el9.aarch64.rpm
freeradius-perl-debuginfo-3.0.21-37.el9.aarch64.rpm
freeradius-postgresql-3.0.21-37.el9.aarch64.rpm
freeradius-postgresql-debuginfo-3.0.21-37.el9.aarch64.rpm
freeradius-rest-3.0.21-37.el9.aarch64.rpm
freeradius-rest-debuginfo-3.0.21-37.el9.aarch64.rpm
freeradius-sqlite-3.0.21-37.el9.aarch64.rpm
freeradius-sqlite-debuginfo-3.0.21-37.el9.aarch64.rpm
freeradius-unixODBC-3.0.21-37.el9.aarch64.rpm
freeradius-unixODBC-debuginfo-3.0.21-37.el9.aarch64.rpm
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
freeradius-mysql-3.0.21-37.el9.s390x.rpm
freeradius-mysql-debuginfo-3.0.21-37.el9.s390x.rpm
freeradius-perl-3.0.21-37.el9.s390x.rpm
freeradius-perl-debuginfo-3.0.21-37.el9.s390x.rpm
freeradius-postgresql-3.0.21-37.el9.s390x.rpm
freeradius-postgresql-debuginfo-3.0.21-37.el9.s390x.rpm
freeradius-rest-3.0.21-37.el9.s390x.rpm
freeradius-rest-debuginfo-3.0.21-37.el9.s390x.rpm
freeradius-sqlite-3.0.21-37.el9.s390x.rpm
freeradius-sqlite-debuginfo-3.0.21-37.el9.s390x.rpm
freeradius-unixODBC-3.0.21-37.el9.s390x.rpm
freeradius-unixODBC-debuginfo-3.0.21-37.el9.s390x.rpm
Related news
Red Hat Security Advisory 2023-2870-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include an information leakage vulnerability.
Ubuntu Security Notice 5785-1 - It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unknown SIM option sent by EAP-SIM supplicant. An attacker could possibly use this issue to cause a denial of service on the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.