Oval Definition:oval:com.redhat.rhsa:def:20070338
Revision Date:2007-05-10Version:635
Title:RHSA-2007:0338: freeradius security update (Moderate)
Description:FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.

  • A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. A remote attacker could send a specially crafted authentication request which could cause FreeRADIUS to leak a small amount of memory. If enough of these requests are sent, the FreeRADIUS daemon would consume a vast quantity of system memory leading to a possible denial of service. (CVE-2007-2028)

    Users of FreeRADIUS should update to these erratum packages, which contain a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-2028
    RHSA-2007:0338
    RHSA-2007:0338-02
    RHSA-2007:0338-02
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND freeradius is earlier than 0:1.0.1-2.RHEL3.4
  • AND freeradius is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • freeradius is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius is signed with Red Hat master key
  • freeradius-mysql is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-mysql is signed with Red Hat master key
  • freeradius-unixODBC is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-unixODBC is signed with Red Hat master key
  • freeradius-postgresql is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-postgresql is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • freeradius-mysql is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-mysql is signed with Red Hat redhatrelease key
  • freeradius-postgresql is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-postgresql is signed with Red Hat redhatrelease key
  • freeradius-unixODBC is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-unixODBC is signed with Red Hat redhatrelease key
  • freeradius is earlier than 0:1.1.3-1.2.el5
  • AND freeradius is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • freeradius is earlier than 0:1.0.1-2.RHEL3.4
  • AND freeradius is signed with Red Hat master key
  • freeradius-mysql is earlier than 0:1.0.1-2.RHEL3.4
  • AND freeradius-mysql is signed with Red Hat master key
  • freeradius-postgresql is earlier than 0:1.0.1-2.RHEL3.4
  • AND freeradius-postgresql is signed with Red Hat master key
  • freeradius-unixODBC is earlier than 0:1.0.1-2.RHEL3.4
  • AND freeradius-unixODBC is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • freeradius is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius is signed with Red Hat master key
  • freeradius-mysql is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-mysql is signed with Red Hat master key
  • freeradius-postgresql is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-postgresql is signed with Red Hat master key
  • freeradius-unixODBC is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-unixODBC is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • freeradius is earlier than 0:1.1.3-1.2.el5
  • AND freeradius is signed with Red Hat redhatrelease key
  • freeradius-mysql is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-mysql is signed with Red Hat redhatrelease key
  • freeradius-postgresql is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-postgresql is signed with Red Hat redhatrelease key
  • freeradius-unixODBC is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-unixODBC is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • freeradius is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius is signed with Red Hat redhatrelease2 key
  • freeradius-mysql is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-mysql is signed with Red Hat redhatrelease2 key
  • freeradius-postgresql is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-postgresql is signed with Red Hat redhatrelease2 key
  • freeradius-unixODBC is earlier than 0:1.0.1-3.RHEL4.5
  • AND freeradius-unixODBC is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • freeradius is earlier than 0:1.1.3-1.2.el5
  • AND freeradius is signed with Red Hat redhatrelease2 key
  • freeradius-mysql is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-mysql is signed with Red Hat redhatrelease2 key
  • freeradius-postgresql is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-postgresql is signed with Red Hat redhatrelease2 key
  • freeradius-unixODBC is earlier than 0:1.1.3-1.2.el5
  • AND freeradius-unixODBC is signed with Red Hat redhatrelease2 key
    • BACK