1
0

Accepting request 511049 from home:stroeder:branches:network

update to 3.0.15 - now with CVE ids

successfully tested on Tumbleweed x86_64

OBS-URL: https://build.opensuse.org/request/show/511049
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=100
This commit is contained in:
Adam Majer 2017-07-18 08:02:28 +00:00 committed by Git OBS Bridge
parent 44d1db1d6e
commit bbd77fa15f
6 changed files with 20 additions and 4 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2771f6ecd6c816ac4d52b66bb8ae6781ca20e1e4984c5804fc4e67de3a807c59
size 3037721

Binary file not shown.

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:23267d8505e7b2909f5bdbf3938ca077c1fe122290dc969304d4f3b594f7e3ba
size 3038070

Binary file not shown.

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Mon Jul 17 13:46:41 UTC 2017 - michael@stroeder.com
- update to 3.0.15 with security fixes for
issues found via fuzzing by Guido Vranken
https://freeradius.org/security/fuzzer-2017.html
* CVE-2017-10978: FR-GV-201 (v2,v3) Read / write overflow in make_secret()
* CVE-2017-10983: FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63
* CVE-2017-10984: FR-GV-301 (v3) Write overflow in data2vp_wimax()
* CVE-2017-10985: FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes
* CVE-2017-10986: FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()
* CVE-2017-10987: FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()
* CVE-2017-10988: FR-GV-305 (v3) Decode 'signed' attributes correctly
* FR-AD-002 (v3) String lifetime issues in rlm_python
* FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare
-------------------------------------------------------------------
Mon May 29 12:40:52 UTC 2017 - adam.majer@suse.de

View File

@ -20,7 +20,7 @@
%define apxs2 apxs2-prefork
%define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR)
Name: freeradius-server
Version: 3.0.14
Version: 3.0.15
Release: 0
%if 0%{?suse_version} > 1140