"Ubuntu Security Notice USN-832-1 September 16, 2009
freeradius vulnerability
CVE-2009-3111
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
freeradius 1.1.7-1ubuntu0.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that FreeRADIUS did not correctly handle certain
malformed attributes. A remote attacker could exploit this flaw and cause
the FreeRADIUS server to crash, resulting in a denial of service.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7-1ubuntu0.2.diff.gz
Size/MD5: 29420 24046205ce4000d6936fffda082f1c56
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7-1ubuntu0.2.dsc
Size/MD5: 1089 f48ac81f667771d7867602f012de0ae1
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7.orig.tar.gz
Size/MD5: 2673548 4bbdb04b5778b0703e62edb51fdf3e01
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-dia=
lupadmin_1.1.7-1ubuntu0.2_all.deb
Size/MD5: 116132 0c597d55be61f8eb86218545a97a1909
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-dbg=
_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 655586 a5d8de1ce68ec51a637e5fbcb803db6c
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-iod=
bc_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 35026 d3518140284d52145cd4b7af58061dba
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-krb=
5_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 35526 269e282963da95f8bf0fb6ebd13ebe59
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-lda=
p_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 52338 2e7a50a19cb73bacdb6ce2980aaeeef8
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-mys=
ql_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 35310 9934a770a60b6e0bb27884b13ad65fad
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-pos=
tgresql_1.1.7-1ubuntu0.2_amd64.deb
Size/MD5: 35398 dc0c40b8264b720a6a7a0ff2e84ecdc1
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7-1ubuntu0.2_amd64.deb
Size/MD5: 797758 d64c394fe55cd69b6ac5d72143f75187
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-dbg=
_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 606818 a6c2dc55d5ba7608abb6eed82acfcc1e
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-iod=
bc_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 34594 b9cbc077759d123b38f40b5fcc591ac6
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-krb=
5_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 35276 7e3fb463c80e7fbaa8ef8b80e008ef30
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-lda=
p_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 51824 80688022b2a0b66420dd8455844e369c
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-mys=
ql_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 34838 b9da2e5a7b74b24d5914c8e55c258a7d
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius-pos=
tgresql_1.1.7-1ubuntu0.2_i386.deb
Size/MD5: 34956 8dbb9423504cc0f6d3c0fd7ded42819d
http://security.ubuntu.com/ubuntu/pool/main/f/freeradius/freeradius_1.1=
.7-1ubuntu0.2_i386.deb
Size/MD5: 768668 c6c7869016c18ab096c5a6c303ee4639
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-dbg_1.1.7-1ub=
untu0.2_lpia.deb
Size/MD5: 616284 5c6e1f2aa8c06c4caa8d5ca35661c317
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-iodbc_1.1.7-1=
ubuntu0.2_lpia.deb
Size/MD5: 34430 b8621d65be2cefe3860ec5075f4c0807
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-krb5_1.1.7-1u=
buntu0.2_lpia.deb
Size/MD5: 35238 13f31fff6a5e77e9784c3396eea9a811
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-ldap_1.1.7-1u=
buntu0.2_lpia.deb
Size/MD5: 51932 ab7fd210c158808b29d7bf253d79ba63
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-mysql_1.1.7-1=
ubuntu0.2_lpia.deb
Size/MD5: 34750 078e6c6e37906da714259410bf22d005
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-postgresql_1.=
1.7-1ubuntu0.2_lpia.deb
Size/MD5: 34964 2b3eb937c8e0fbe4bd38ebcdf5de597f
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius_1.1.7-1ubuntu=
0.2_lpia.deb
Size/MD5: 767560 5651ba8b7338f081d84d5b7d0ef3acdd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-dbg_1.1.7-1ub=
untu0.2_powerpc.deb
Size/MD5: 668716 e3aabf2b75986af97aaeaad49c485151
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-iodbc_1.1.7-1=
ubuntu0.2_powerpc.deb
Size/MD5: 37088 067bdcd108ae7d6094a2321fb9ace73a
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-krb5_1.1.7-1u=
buntu0.2_powerpc.deb
Size/MD5: 37706 ea32be50c41a6412d902e84f85e1b269
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-ldap_1.1.7-1u=
buntu0.2_powerpc.deb
Size/MD5: 54942 71d39cb3d82eb6bbed160cba2cacb221
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-mysql_1.1.7-1=
ubuntu0.2_powerpc.deb
Size/MD5: 37348 1e556e8a696bf60860499313a72d84b2
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-postgresql_1.=
1.7-1ubuntu0.2_powerpc.deb
Size/MD5: 37520 ae55203e58c7e00efbf2c333a6764c20
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius_1.1.7-1ubuntu=
0.2_powerpc.deb
Size/MD5: 865766 d5f02a2bde7b7da25d08fbd513b9b9ed
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-dbg_1.1.7-1ub=
untu0.2_sparc.deb
Size/MD5: 578502 e5d53135829d6b7fc1a971d5d066da67
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-iodbc_1.1.7-1=
ubuntu0.2_sparc.deb
Size/MD5: 34366 9ed3c394b2dcb0541ebc88dceeb7e16d
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-krb5_1.1.7-1u=
buntu0.2_sparc.deb
Size/MD5: 35212 729794ada8ceaa58d66b957105ba7108
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-ldap_1.1.7-1u=
buntu0.2_sparc.deb
Size/MD5: 51208 ae2993659065f694259ca27aaa9517b4
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-mysql_1.1.7-1=
ubuntu0.2_sparc.deb
Size/MD5: 34682 10345506d4f5f881824cd3936c050e7a
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius-postgresql_1.=
1.7-1ubuntu0.2_sparc.deb
Size/MD5: 34796 2cb01627453736d36bb96d158231fdf7
http://ports.ubuntu.com/pool/main/f/freeradius/freeradius_1.1.7-1ubuntu=
0.2_sparc.deb
Size/MD5: 772458 e954a14e2dbd7182eef2484463cdd13f
--=-jXIyfCqjhaS1jXNc+lXI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkqxOzMACgkQLMAs/0C4zNrXQQCgugyLp6naFGYyIPdqDNtGJWZL
omIAoKkhliNj5z6I4WXkYKBrAAML6jB1
=cpWk
-----END PGP SIGNATURE-----
"
Rihanna saved millions on new homeUSN-799-1: D-Bus vulnerability
This entry was posted
on 6:01 PM
.
Archives
-
▼
2009
(488)
-
▼
September
(53)
- RHSA-2009:1465-01 Important: kvm security and bug ...
- RHSA-2009:1466-01 Important: kernel security and b...
- DSA 1897-1: New horde3 packages fix arbitrary code...
- DSA 1895-1: New xmltooling packages fix potential ...
- DSA 1894-1: New newt packages fix arbitrary code e...
- DSA 1892-1: New dovecot packages fix arbitrary cod...
- GLSA 200909-20 cURL: Certificate validation error
- RHSA-2009:1461-01 Important: Red Hat Application S...
- RHSA-2009:1463-01 Moderate: newt security update
- USN-837-1: Newt vulnerability
- RHSA-2009:1452-01 Moderate: neon security update
- DSA 1891-1: New changetrack packages fix arbitrary...
- USN-836-1: WebKit vulnerabilities
- RHSA-2009:1459-04 Important: cyrus-imapd security ...
- RHSA-2009:1453-01 Moderate: pidgin security update
- USN-835-1: neon vulnerabilities
- DSA 1888-1: New openssl packages deprecate MD2 has...
- USN-834-1: PostgreSQL vulnerabilities
- GLSA 200909-19 Dnsmasq: Multiple vulnerabilities
- GLSA 200909-18 nginx: Remote execution of arbitra...
- DSA 1889-1: New icu packages correct multibyte seq...
- USN-830-1: OpenSSL vulnerability
- RHSA-2009:1438-01 Important: kernel security and b...
- USN-832-1: FreeRADIUS vulnerability
- DSA 1884-1: New nginx packages fix arbitrary code ...
- RHSA-2009:1451-01 Moderate: freeradius security up...
- DSA 1883-2: New nagios2 packages fix regression
- GLSA 200909-17 ZNC: Directory traversal
- USN-821-1: Firefox and Xulrunner vulnerabilities
- DSA 1887-1: New rails packages fix cross-site scri...
- GLSA 200909-14 Horde: Multiple vulnerabilities
- GLSA 200909-16 Wireshark: Denial of Service
- DSA 1878-2: New devscripts packages fix regressions
- GLSA 200909-12 HTMLDOC: User-assisted execution o...
- GLSA 200909-09 Screenie: Insecure temporary file ...
- DSA 1883-1: New nagios2 packages fix several cross...
- RHSA-2009:1432-01 Critical: seamonkey security update
- RHSA-2009:1431-01 Critical: seamonkey security update
- RHSA-2009:1430-01 Critical: firefox security update
- DSA 1879-1: New silc-client/silc-toolkit packages ...
- GLSA 200909-04 Clam AntiVirus: Multiple vulnerabi...
- DSA 1878-1: New devscripts packages fix remote cod...
- DSA 1881-1: New cyrus-imapd packages fix arbitrary...
- GLSA 200909-01 Linux-PAM: Privilege escalation
- GLSA 200909-02 libvorbis: User-assisted execution...
- RHSA-2009:1339-02 Low: rgmanager security, bug fix...
- RHSA-2009:1289-02 Moderate: mysql security and bug...
- RHSA-2009:1321-02 Low: nfs-utils security and bug ...
- RHSA-2009:1278-02 Low: lftp security and bug fix u...
- RHSA-2009:1341-02 Low: cman security, bug fix, and...
- RHSA-2009:1337-02 Low: gfs2-utils security and bug...
- RHSA-2009:1232-01 Moderate: gnutls security update
- RHSA-2009:1239-02 Important: kernel-rt security an...
-
▼
September
(53)