Debian Security Advisory
DSA-2726-1 php-radius -- buffer overflow
- Date Reported:
- 25 Jul 2013
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 714362.
In Mitre's CVE dictionary: CVE-2013-2220.
- More information:
A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.
For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.5-2+squeeze1.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.5-2.3+deb7u1.
For the unstable distribution (sid), this problem has been fixed in version 1.2.5-2.4.
We recommend that you upgrade your php-radius packages.