From Mageia wiki

MGASA-2013-0026

Date: February 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated freeradius packages fix a security vulnerability:

It was found that the "unix" module ignored the password expiration
setting in "/etc/shadow". If FreeRADIUS was configured to use this module
for user authentication, this flaw could allow users with an expired
password to successfully authenticate, even though their access should
have been denied (CVE-2011-4966).
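
The kind of check the description says was ignored, as an added example (not FreeRADIUS or Mageia code): it evaluates the aging fields of a shadow(5) entry before a password would be accepted. The function names, the sample entries and the strict policy (deny as soon as the maximum age is exceeded, no inactivity grace period) are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum aging { AGING_OK, PASSWORD_EXPIRED, ACCOUNT_EXPIRED, BAD_ENTRY };

/* Numeric shadow(5) field; an empty field means "not set" and yields -1. */
static long field_days(const char *s, size_t len) {
    return len == 0 ? -1 : strtol(s, NULL, 10);
}

/* Aging verdict for one shadow line on day `today` (days since 1970-01-01).
 * Assumed policy: any expiry denies authentication outright. */
enum aging check_shadow_aging(const char *line, long today) {
    const char *f[9], *p = line;
    size_t n[9];
    int count = 0;
    for (;;) {                          /* split on ':' and keep empty fields */
        size_t len = strcspn(p, ":\n");
        if (count < 9) { f[count] = p; n[count] = len; }
        count++;
        if (p[len] != ':') break;
        p += len + 1;
    }
    if (count != 9) return BAD_ENTRY;   /* a shadow entry has nine fields */
    long lstchg = field_days(f[2], n[2]);   /* day of last password change */
    long max    = field_days(f[4], n[4]);   /* maximum password age in days */
    long expire = field_days(f[7], n[7]);   /* account expiration day */
    if (expire > 0 && today >= expire) return ACCOUNT_EXPIRED;
    if (lstchg == 0) return PASSWORD_EXPIRED;   /* change forced at next login */
    if (lstchg > 0 && max >= 0 && today - lstchg > max) return PASSWORD_EXPIRED;
    return AGING_OK;
}

int main(void) {
    /* Constructed entries; 15742 is 2013-02-06 counted in days since the epoch. */
    const char *lines[] = {
        "alice:$6$constructed:15700:0:90:7:::",
        "bob:$6$constructed:15600:0:90:7:::",
        "carol:$6$constructed:15700:0:99999:7::15730:",
        "dave:$6$constructed:0:0:90:7:::",
        "erin:$6$constructed:::::::",
        "broken:line",
    };
    static const char *names[] = {"ok", "password expired", "account expired", "bad entry"};
    for (size_t i = 0; i < sizeof lines / sizeof *lines; i++)
        printf("%-18s %s\n", names[check_shadow_aging(lines[i], 15742)], lines[i]);
    return 0;
}
```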


Updated Packages:
i586:
freeradius-2.1.12-8.2.mga2.i586.rpm
freeradius-krb5-2.1.12-8.2.mga2.i586.rpm
freeradius-ldap-2.1.12-8.2.mga2.i586.rpm
freeradius-mysql-2.1.12-8.2.mga2.i586.rpm
freeradius-postgresql-2.1.12-8.2.mga2.i586.rpm
freeradius-sqlite-2.1.12-8.2.mga2.i586.rpm
freeradius-unixODBC-2.1.12-8.2.mga2.i586.rpm
freeradius-web-2.1.12-8.2.mga2.i586.rpm
libfreeradius1-2.1.12-8.2.mga2.i586.rpm
libfreeradius-devel-2.1.12-8.2.mga2.i586.rpm
freeradius-debug-2.1.12-8.2.mga2.i586.rpm

x86_64:
freeradius-2.1.12-8.2.mga2.x86_64.rpm
freeradius-krb5-2.1.12-8.2.mga2.x86_64.rpm
freeradius-ldap-2.1.12-8.2.mga2.x86_64.rpm
freeradius-mysql-2.1.12-8.2.mga2.x86_64.rpm
freeradius-postgresql-2.1.12-8.2.mga2.x86_64.rpm
freeradius-sqlite-2.1.12-8.2.mga2.x86_64.rpm
freeradius-unixODBC-2.1.12-8.2.mga2.x86_64.rpm
freeradius-web-2.1.12-8.2.mga2.x86_64.rpm
lib64freeradius1-2.1.12-8.2.mga2.x86_64.rpm
lib64freeradius-devel-2.1.12-8.2.mga2.x86_64.rpm
freeradius-debug-2.1.12-8.2.mga2.x86_64.rpm

SRPMS:
freeradius-2.1.12-8.2.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966
https://rhn.redhat.com/errata/RHSA-2013-0134.html
https://bugs.mageia.org/show_bug.cgi?id=8726