USN-832-1: FreeRADIUS vulnerability
Posted on: 09/16/2009 10:30 PM

A new FreeRADIUS vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-832-1 September 16, 2009
freeradius vulnerability
CVE-2009-3111
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
freeradius 1.1.7-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that FreeRADIUS did not correctly handle certain
malformed attributes. A remote attacker could exploit this flaw and cause
the FreeRADIUS server to crash, resulting in a denial of service.


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7-1ubuntu0.2.diff.gz
Size/MD5: 29420 24046205ce4000d6936fffda082f1c56
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7-1ubuntu0.2.dsc
Size/MD5: 1089 f48ac81f667771d7867602f012de0ae1
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7.orig.tar.gz
Size/MD5: 2673548 4bbdb04b5778b0703e62edb51fdf3e01

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-dia=
lupadmin_1.1.7-1ubuntu0.2_all.deb
Size/MD5: 116132 0c597d55be61f8eb86218545a97a1909

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-dbg=
_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 655586 a5d8de1ce68ec51a637e5fbcb803db6c
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-iod=
bc_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 35026 d3518140284d52145cd4b7af58061dba
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-krb=
5_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 35526 269e282963da95f8bf0fb6ebd13ebe59
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-lda=
p_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 52338 2e7a50a19cb73bacdb6ce2980aaeeef8
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-mys=
ql_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 35310 9934a770a60b6e0bb27884b13ad65fad
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-pos=
tgresql_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 35398 dc0c40b8264b720a6a7a0ff2e84ecdc1
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7-1ubuntu0.2_amd64.deb
Size/MD5: 797758 d64c394fe55cd69b6ac5d72143f75187

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-dbg=
_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 606818 a6c2dc55d5ba7608abb6eed82acfcc1e
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-iod=
bc_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 34594 b9cbc077759d123b38f40b5fcc591ac6
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-krb=
5_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 35276 7e3fb463c80e7fbaa8ef8b80e008ef30
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-lda=
p_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 51824 80688022b2a0b66420dd8455844e369c
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-mys=
ql_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 34838 b9da2e5a7b74b24d5914c8e55c258a7d
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-pos=
tgresql_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 34956 8dbb9423504cc0f6d3c0fd7ded42819d
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7-1ubuntu0.2_i386.deb
Size/MD5: 768668 c6c7869016c18ab096c5a6c303ee4639

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-dbg_1.1.7-1ub=
untu0.2_lpia.deb
Size/MD5: 616284 5c6e1f2aa8c06c4caa8d5ca35661c317
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-iodbc_1.1.7-1=
ubuntu0.2_lpia.deb
Size/MD5: 34430 b8621d65be2cefe3860ec5075f4c0807
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-krb5_1.1.7-1u=
buntu0.2_lpia.deb
Size/MD5: 35238 13f31fff6a5e77e9784c3396eea9a811
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-ldap_1.1.7-1u=
buntu0.2_lpia.deb
Size/MD5: 51932 ab7fd210c158808b29d7bf253d79ba63
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-mysql_1.1.7-1=
ubuntu0.2_lpia.deb
Size/MD5: 34750 078e6c6e37906da714259410bf22d005
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-postgresql_1.=
1.7-1ubuntu0.2_lpia.deb
Size/MD5: 34964 2b3eb937c8e0fbe4bd38ebcdf5de597f
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius_1.1.7-1ubuntu=
0.2_lpia.deb
Size/MD5: 767560 5651ba8b7338f081d84d5b7d0ef3acdd

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-dbg_1.1.7-1ub=
untu0.2_powerpc.deb
Size/MD5: 668716 e3aabf2b75986af97aaeaad49c485151
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-iodbc_1.1.7-1=
ubuntu0.2_powerpc.deb
Size/MD5: 37088 067bdcd108ae7d6094a2321fb9ace73a
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-krb5_1.1.7-1u=
buntu0.2_powerpc.deb
Size/MD5: 37706 ea32be50c41a6412d902e84f85e1b269
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-ldap_1.1.7-1u=
buntu0.2_powerpc.deb
Size/MD5: 54942 71d39cb3d82eb6bbed160cba2cacb221
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-mysql_1.1.7-1=
ubuntu0.2_powerpc.deb
Size/MD5: 37348 1e556e8a696bf60860499313a72d84b2
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-postgresql_1.=
1.7-1ubuntu0.2_powerpc.deb
Size/MD5: 37520 ae55203e58c7e00efbf2c333a6764c20
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius_1.1.7-1ubuntu=
0.2_powerpc.deb
Size/MD5: 865766 d5f02a2bde7b7da25d08fbd513b9b9ed

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-dbg_1.1.7-1ub=
untu0.2_sparc.deb
Size/MD5: 578502 e5d53135829d6b7fc1a971d5d066da67
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-iodbc_1.1.7-1=
ubuntu0.2_sparc.deb
Size/MD5: 34366 9ed3c394b2dcb0541ebc88dceeb7e16d
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-krb5_1.1.7-1u=
buntu0.2_sparc.deb
Size/MD5: 35212 729794ada8ceaa58d66b957105ba7108
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-ldap_1.1.7-1u=
buntu0.2_sparc.deb
Size/MD5: 51208 ae2993659065f694259ca27aaa9517b4
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-mysql_1.1.7-1=
ubuntu0.2_sparc.deb
Size/MD5: 34682 10345506d4f5f881824cd3936c050e7a
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-postgresql_1.=
1.7-1ubuntu0.2_sparc.deb
Size/MD5: 34796 2cb01627453736d36bb96d158231fdf7
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius_1.1.7-1ubuntu=
0.2_sparc.deb
Size/MD5: 772458 e954a14e2dbd7182eef2484463cdd13f




--=-jXIyfCqjhaS1jXNc+lXI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkqxOzMACgkQLMAs/0C4zNrXQQCgugyLp6naFGYyIPdqDNtGJWZL
omIAoKkhliNj5z6I4WXkYKBrAAML6jB1
=cpWk
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_832_1_freeradius_vulnerability.html)