DSA-3930-1 freeradius -- freeradius
ID: oval:org.secpod.oval:def:603047 | Date: (C)2017-09-05 (M)2023-12-20 |
Class: PATCH | Family: unix |
Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA, did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. All those issues are covered by this single DSA, but it's worth noting that not all issues affect all releases:
- CVE-2017-10978 and CVE-2017-10983 affect both jessie and stretch
- CVE-2017-10979, CVE-2017-10980, CVE-2017-10981 and CVE-2017-10982 affect only jessie
- CVE-2017-10984, CVE-2017-10985, CVE-2017-10986 and CVE-2017-10987 affect only stretch
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
freeradius |
libfreeradius3 |
libfreeradius-dev |