Fedora Legacy Test Update Notification: freeradius

Marc Deslauriers marcdeslauriers at videotron.ca
Sat Dec 18 19:17:44 UTC 2004


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2187
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2187
2004-12-18
---------------------------------------------------------------------

Name        : freeradius
FC1 Version : 1.0.1-0.FC1.5.legacy
Summary     : High-performance and highly configurable free RADIUS
               server.
Description :
The FreeRADIUS Server Project is a high performance and highly
configurable GPL'd free RADIUS server. The server is similar in some
respects to Livingston's 2.0 server.  While FreeRADIUS started as a
variant of the Cistron RADIUS server, they don't share a lot in common
any more. It now has many more features than Cistron or Livingston,
and is much more configurable.

---------------------------------------------------------------------
Update Information:

Updated freeradius packages that fix a number of denial of service
vulnerabilities as well as minor bugs are now available.

FreeRADIUS is a high-performance and highly configurable free RADIUS
server designed to allow centralized authentication and authorization
for a network.

A number of flaws were found in FreeRADIUS versions prior to 1.0.1. An
attacker who is able to send packets to the server could craft them in
such a way as to cause the server to consume memory or crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0938, CAN-2004-0960, and CAN-2004-0961 to
these issues.

Please note that the pam config file included in these packages was
renamed to /etc/pam.d/radiusd.

Users of FreeRADIUS should update to these erratum packages that contain
FreeRADIUS 1.0.1, which is not vulnerable to these issues and also
corrects a number of bugs.

---------------------------------------------------------------------
Changelogs

fc1:
* Sun Dec 05 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.0.1-0.FC1.5.legacy
- Marked /etc/raddb/dictionary as a config file
- Changed path references to rpm macros

* Sun Dec 05 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.0.1-0.FC1.4.legacy
- Fixed install problem of radeapclient (RH #138069)

* Mon Nov 29 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1.0.1-0.FC1.3.legacy
- rebuild for FC1
- fixes FL #2187
- NB: pam file is renamed

* Thu Oct 28 2004 Thomas Woerner <twoerner at redhat.com> 1.0.1-0.FC2
- new version 1.0.1: fixes (#137424)
   CAN-2004-0938 Freeradius < 1.0.1 DoS and remote crash (CAN-2004-0960,
   CAN-2004-0961)
- applied radrelay CVS patch from Kevin Bonner

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

fc1:
83a5b013fac1aaa3caee75ea97dadb9ead68ca6c fedora/1/updates-testing/i386/freeradius-1.0.1-0.FC1.5.legacy.i386.rpm
6b9dfc73490b32784112f0f6f0cde1d87f1812f7 fedora/1/updates-testing/i386/freeradius-mysql-1.0.1-0.FC1.5.legacy.i386.rpm
58b1e0975443a435c982b394f775337a8eedde9a fedora/1/updates-testing/i386/freeradius-postgresql-1.0.1-0.FC1.5.legacy.i386.rpm
94b816b7da430f359401dade849820c962b5ad98 fedora/1/updates-testing/i386/freeradius-unixODBC-1.0.1-0.FC1.5.legacy.i386.rpm
c26c9fe20f721946bbcf7723b654ce72d1fd587f fedora/1/updates-testing/SRPMS/freeradius-1.0.1-0.FC1.5.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.