[ubuntu/cosmic-updates] freeradius 3.0.16+dfsg-3ubuntu1.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Apr 24 12:58:09 UTC 2019
freeradius (3.0.16+dfsg-3ubuntu1.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2019-11234-and-2019-11235-*.patch: fix
by assuring the received scalar lies within the valid
range, and by checking that the received element is not the
point at infinity and lies on the elliptic curve being used
in src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c.
- CVE-2019-11234
- CVE-2019-11235
Date: 2019-04-17 15:56:16.752366+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/freeradius/3.0.16+dfsg-3ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Cosmic-changes
mailing list