DSA-3930-1 freeradius -- freeradius
ID: oval:org.secpod.oval:def:53113 | Date: (C)2019-04-04 (M)2023-12-20 | Class: PATCH | Family: unix
Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA, did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code.

All those issues are covered by this single DSA, but it's worth noting that not all issues affect all releases:

- CVE-2017-10978 and CVE-2017-10983 affect both jessie and stretch
- CVE-2017-10979, CVE-2017-10980, CVE-2017-10981 and CVE-2017-10982 affect only jessie
- CVE-2017-10984, CVE-2017-10985, CVE-2017-10986 and CVE-2017-10987 affect only stretch