diff options
| author | Yi Zhao <yi.zhao@windriver.com> | 2024-11-21 19:03:28 +0800 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2024-11-24 17:38:31 -0500 |
| commit | b8d1a14f7f3b76457c36752202ea7ae5881b6654 (patch) | |
| tree | 7b6c2c410ac2b5f7c653f001c81140b3e22ccb57 /meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch | |
| parent | 83d23d2b24fde3d4d6173e4c23d3683f27e5a951 (diff) | |
| download | meta-openembedded-b8d1a14f7f3b76457c36752202ea7ae5881b6654.tar.gz | |
freeradius: upgrade 3.2.3 -> 3.2.5
ChangeLog:
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_4
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_5
Security fixes:
CVE-2024-3596:
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a
local attacker who can modify any valid Response (Access-Accept,
Access-Reject, or Access-Challenge) to any other response using a
chosen-prefix collision attack against MD5 Response Authenticator
signature.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3596
https://www.freeradius.org/security/
https://www.blastradius.fail/
https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95
(master rev: 28d82d17c8174ee17271ca43ad7eb2175211cacc)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch')
0 files changed, 0 insertions, 0 deletions