[ubuntu/zesty-updates] freeradius 3.0.12+dfsg-4ubuntu1.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jul 27 16:58:14 UTC 2017

freeradius (3.0.12+dfsg-4ubuntu1.2) zesty-security; urgency=medium

  * SECURITY UPDATE: read/write overflow in make_secret()
    - debian/patches/CVE-2017-10978.patch: check lengths in
    - CVE-2017-10978
  * SECURITY UPDATE: read overflow when decoding option 63
    - debian/patches/CVE-2017-10983.patch: decode correct option in
    - CVE-2017-10983
  * SECURITY UPDATE: write overflow in data2vp_wimax()
    - debian/patches/CVE-2017-10984-1.patch: handle malformed attributes in
      src/lib/radius.c, added test to src/tests/unit/wimax.txt.
    - debian/patches/CVE-2017-10984-2.patch: simplify code in
      src/lib/radius.c, added test to src/tests/unit/extended.txt.
    - CVE-2017-10984
  * SECURITY UPDATE: infinite loop and memory exhaustion with 'concat'
    - debian/patches/CVE-2017-10985.patch: fix checks in src/lib/radius.c,
      added test to src/tests/unit/rfc.txt.
    - CVE-2017-10985
  * SECURITY UPDATE: infinite read in dhcp_attr2vp()
    - debian/patches/CVE-2017-10986.patch: fix loop in
    - CVE-2017-10986
  * SECURITY UPDATE: Buffer over-read in fr_dhcp_decode_suboptions()
    - debian/patches/CVE-2017-10987.patch: check for room in
    - CVE-2017-10987

Date: 2017-07-26 15:22:32.469243+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Zesty-changes mailing list