    freeradius2: bump to 2.2.10 · 1657a09a
    Zoltan HERPAI authored
     - Fix multiple security issues. See http://freeradius.org/security/fuzzer-2017.html
    
     Thanks to Guido Vranken for working with us to discover the issues and test the fixes.
     - FR-GV-207 Avoid zero-length malloc() in data2vp().
     - FR-GV-206 correct decoding of option 60.
     - FR-GV-205 check for "too long" WiMAX options.
     - FR-GV-204 free VP if decoding fails, so we don't leak memory.
     - FR-GV-203 fix memory leak when using decode_tlv().
     - FR-GV-202 check for "too long" attributes.
     - FR-GV-201 check input/output length in make_secret().
     - FR-AD-001 Use strncmp() instead of memcmp() for bounded data.
     - Disable in-memory TLS session caches due to OpenSSL API issues.
     - Allow issuer_cert to be empty.
     - Look for extensions using correct index.
     - Fix types.
     - Work around OpenSSL 1.0.2 problems, which cause failures in TLS-based EAP methods.
     - Revert RedHat contributed bug which removes run-time checks for OpenSSL consistency.
 - Allow OCSP responder URL to be later in the packet. Fix by Ean Pasternak.
 - Catch empty subject and non-existent issuer cert in OCSP. Fix by Ean Pasternak.
 - Allow non-FIPS for MD5. Fix by Ean Pasternak.
    
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
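To make concrete what fixes like FR-GV-202 ("too long" attributes) and FR-GV-207 (zero-length malloc()) guard against in a RADIUS attribute decoder, here is an added example written for this page; it is not FreeRADIUS code. It walks the standard RADIUS Type/Length/Value layout (Length counts the 2-byte header), and the function names and the constructed sample packets are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* RADIUS attribute header: Type (1 byte), Length (1 byte, includes the
 * header itself), then Length - 2 bytes of Value. Hypothetical helpers. */
#define RADIUS_AVP_HDR 2

/* Walk a buffer of RADIUS attributes, rejecting any attribute whose declared
 * Length is smaller than its own header or runs past the end of the buffer
 * (the "too long" case). Returns the number of well-formed attributes, or -1
 * on the first malformed one so the caller can drop the packet. */
int count_radius_attrs(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < RADIUS_AVP_HDR) return -1; /* truncated header   */
        size_t alen = buf[off + 1];
        if (alen < RADIUS_AVP_HDR) return -1;      /* cannot cover header */
        if (alen > len - off) return -1;           /* would read past end */
        off += alen;
        n++;
    }
    return n;
}

/* Copy one attribute's value out of the buffer. Returns 0 on success and -1
 * if the attribute is malformed. A zero-length value (Length == 2) is
 * reported as *out == NULL, *out_len == 0 without calling malloc(0), whose
 * result is implementation-defined. The caller frees *out when non-NULL. */
int copy_attr_value(const uint8_t *attr, size_t remaining,
                    uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (remaining < RADIUS_AVP_HDR) return -1;
    size_t alen = attr[1];
    if (alen < RADIUS_AVP_HDR || alen > remaining) return -1;
    size_t vlen = alen - RADIUS_AVP_HDR;
    if (vlen == 0) return 0;                       /* empty value, no alloc */
    uint8_t *v = malloc(vlen);
    if (v == NULL) return -1;
    memcpy(v, attr + RADIUS_AVP_HDR, vlen);
    *out = v;
    *out_len = vlen;
    return 0;
}
```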