[SECURITY] [DLA 1064-1] freeradius security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : freeradius
Version : 2.1.12+dfsg-1.2+deb7u2
CVE ID : CVE-2017-10978 CVE-2017-10979 CVE-2017-10980
CVE-2017-10981 CVE-2017-10982 CVE-2017-10983
Debian Bug : 868765
Guido Vranken discovered that FreeRADIUS, an open source
implementation of RADIUS, the IETF protocol for AAA (Authorisation,
Authentication, and
Accounting), did not properly handle memory when processing packets.
This would allow a remote attacker to cause a denial-of-service by
application crash, or potentially execute arbitrary code.
For Debian 7 "Wheezy", these problems have been fixed in version
2.1.12+dfsg-1.2+deb7u2.
We recommend that you upgrade your freeradius packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmgYmtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTjDhAAsfXbuOb7lfoECqI+OIFz+NRhCQ0z7Yb4XPhANQsarXHC9njIF7VYJzli
Nrj1TNr3dtAGULBfpFSmHs/E4u5Ne2oX1HBObaRzFRqKYXLHhnLFFo5FdoXp6UbN
CERfJL5qJ+nbxq2o3C4NSs5LV9Z0s5i79hhmdZa/P38bV+MHxAW+6wWAyNj1QJde
LM0gZjz8ilmDbHOceJHiBfoexs0VG+lbYv1G1D7rIJVZrhtjINXsnXdecwv8Jxa8
ENJArwNJYLpb7TL2NlAr/JnRKtLSw7DAhjipSkV3MKwPegwxgAifuA8chHArZ7nB
R0F9MgKvacS5QSPAJJd7U3gsMmFyXcKZli1qB0ZzMl2H6JRsyh5pCINAqUjGkvQQ
cmn4sJqTjn/StEXaSn0UFcRuvDFJEnzbTC6Z/FrTwW5RvUdGp2Ps9fiXaDUnP182
j88O3lkSab3VtzBeibS0k2hUFSbmv0TdVPsYsnRjC/CA1KuZmONft4YnKBRAxz2A
OTU4cWZAyamaXJy62sZxNs2OP5Lub29BhrfsilAif41Lcvv5MsvgtbVU7rl6jTFS
9bhlIeyGG55l0CJ0dEaVMkMf9ym1fCjp6AGjVSUd5wSmH1WvF3Ucib+FD2TAA2pS
bOdYVD8ctHaWV5rIkwB4VtbIlNOXmGTk8GVtWafMnowPp9Sp+0g=
=Zf8E
-----END PGP SIGNATURE-----
Reply to: