diff --git a/freeradius-server-3.0.14.tar.bz2 b/freeradius-server-3.0.14.tar.bz2
deleted file mode 100644
index 6b7488e..0000000
--- a/freeradius-server-3.0.14.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2771f6ecd6c816ac4d52b66bb8ae6781ca20e1e4984c5804fc4e67de3a807c59
-size 3037721
diff --git a/freeradius-server-3.0.14.tar.bz2.sig b/freeradius-server-3.0.14.tar.bz2.sig
deleted file mode 100644
index aaf344c..0000000
Binary files a/freeradius-server-3.0.14.tar.bz2.sig and /dev/null differ
diff --git a/freeradius-server-3.0.15.tar.bz2 b/freeradius-server-3.0.15.tar.bz2
new file mode 100644
index 0000000..6c103e6
--- /dev/null
+++ b/freeradius-server-3.0.15.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23267d8505e7b2909f5bdbf3938ca077c1fe122290dc969304d4f3b594f7e3ba
+size 3038070
diff --git a/freeradius-server-3.0.15.tar.bz2.sig b/freeradius-server-3.0.15.tar.bz2.sig
new file mode 100644
index 0000000..0437f75
Binary files /dev/null and b/freeradius-server-3.0.15.tar.bz2.sig differ
diff --git a/freeradius-server.changes b/freeradius-server.changes
index 85e7f21..1132c99 100644
--- a/freeradius-server.changes
+++ b/freeradius-server.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Mon Jul 17 13:46:41 UTC 2017 - michael@stroeder.com
+
+- update to 3.0.15 with security fixes for
+ issues found via fuzzing by Guido Vranken
+ https://freeradius.org/security/fuzzer-2017.html
+ * CVE-2017-10978: FR-GV-201 (v2,v3) Read / write overflow in make_secret()
+ * CVE-2017-10983: FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63
+ * CVE-2017-10984: FR-GV-301 (v3) Write overflow in data2vp_wimax()
+ * CVE-2017-10985: FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes
+ * CVE-2017-10986: FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()
+ * CVE-2017-10987: FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()
+ * CVE-2017-10988: FR-GV-305 (v3) Decode 'signed' attributes correctly
+ * FR-AD-002 (v3) String lifetime issues in rlm_python
+ * FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare
+
 -------------------------------------------------------------------
 Mon May 29 12:40:52 UTC 2017 - adam.majer@suse.de
 
diff --git a/freeradius-server.spec b/freeradius-server.spec
index 87ad884..03369e8 100644
--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@@ -20,7 +20,7 @@
 %define apxs2 apxs2-prefork
 %define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR)
 Name: freeradius-server
-Version: 3.0.14
+Version: 3.0.15
 Release: 0
 %if 0%{?suse_version} > 1140