[ubuntu/bionic-security] freeradius 3.0.16+dfsg-1ubuntu3.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Apr 24 12:47:41 UTC 2019
freeradius (3.0.16+dfsg-1ubuntu3.1) bionic-security; urgency=medium
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2019-11234-and-2019-11235-*.patch: fix
by assuring the received scalar lies within the valid
range, and by checking that the received element is not the
point at infinity and lies on the elliptic curve being used
in src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c.
- CVE-2019-11234
- CVE-2019-11235
Date: 2019-04-17 15:38:12.440063+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/freeradius/3.0.16+dfsg-1ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list