[ubuntu/eoan-proposed] freeradius 3.0.17+dfsg-1ubuntu2.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Apr 25 15:32:47 UTC 2019
freeradius (3.0.17+dfsg-1ubuntu2.1) disco-security; urgency=medium
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2019-11234-and-2019-11235-*.patch: fix
by assuring the received scalar lies within the valid
range, and by checking that the received element is not the
point at infinity and lies on the elliptic curve being used
in src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c.
- CVE-2019-11234
- CVE-2019-11235
Date: 2019-04-23 19:50:12.643908+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/freeradius/3.0.17+dfsg-1ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list