freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yi Zhao <yi.zhao@eng.windriver.com>	2023-02-09 12:02:20 +0800
committer	Armin Kuster <akuster808@gmail.com>	2023-02-11 11:08:36 -0500
commit	5fdd2edebebcafbb87b1171d57cb5bd53baf8038 (patch)
tree	d4535b4f8f12b5f8db4e2a1b2b86438320b2ffd7 /meta-python
parent	b94374f848a037e89e80de25e25d1bd40687bdba (diff)
download	meta-openembedded-5fdd2edebebcafbb87b1171d57cb5bd53baf8038.tar.gz

freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861

CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. CVE-2022-41861: A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. References: https://nvd.nist.gov/vuln/detail/CVE-2022-41860 https://nvd.nist.gov/vuln/detail/CVE-2022-41861 Patches from: CVE-2022-41860: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 CVE-2022-41861: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: