freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yi Zhao <yi.zhao@eng.windriver.com>	2023-02-09 12:02:20 +0800
committer	Armin Kuster <akuster808@gmail.com>	2023-02-11 11:08:44 -0500
commit	cd15081a7c1b556bc97955d55689b25010cad965 (patch)
tree	e268aafa5a15eb1b5d62861a6ecdd26065b4fda7 /meta-python/recipes-devtools/python/python3-ujson/0001-setup.py-Do-not-strip-debugging-symbols.patch
parent	7eb1f15de85e7f66e95d2058f955130819b67531 (diff)
download	meta-openembedded-cd15081a7c1b556bc97955d55689b25010cad965.tar.gz

freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861

CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. CVE-2022-41861: A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. References: https://nvd.nist.gov/vuln/detail/CVE-2022-41860 https://nvd.nist.gov/vuln/detail/CVE-2022-41861 Patches from: CVE-2022-41860: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 CVE-2022-41861: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-ujson/0001-setup.py-Do-not-strip-debugging-symbols.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: