Your message dated Tue, 18 Jul 2017 19:50:28 +0000
with message-id <[email protected]>
and subject line Bug#868765: fixed in freeradius 3.0.15+dfsg-1
has caused the Debian Bug report #868765,
regarding freeradius: New upstream version 3.0.15 fixing security critical bugs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
868765: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868765
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: freeradius
Version: 3.0.12+dfsg-5
Severity: grave
Tags: upstream security
Justification: user security hole
Dear Maintainer,

the freeradius team released version 3.0.15 fixing several important
security issues found by a fuzzing analysis.

See:
http://freeradius.org/press/index.html#3.0.15
http://freeradius.org/security/fuzzer-2017.html

The following issues were found for v3 of freeradius up to 3.0.14:

- CVE-2017-10978. No remote code execution is possible. A denial of
  service is possible.
- CVE-2017-10984. Remote code execution is possible. A denial of
  service is possible.
- CVE-2017-10985. No remote code execution is possible. A denial of
  service is possible.

The following affect only the DHCP part of freeradius, which is seldom used:

- CVE-2017-10983. No remote code execution is possible. A denial of
  service is possible.
- CVE-2017-10986. No remote code execution is possible. A denial of
  service is possible.
- CVE-2017-10987. No remote code execution is possible. A denial of
  service is possible.

Please update the package accordingly.

-- System Information:
Debian Release: 9.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages freeradius depends on:
ii freeradius-common 3.0.12+dfsg-5
ii freeradius-config 3.0.12+dfsg-5
ii libc6 2.24-11+deb9u1
ii libcap2 1:2.25-1
ii libfreeradius3 3.0.12+dfsg-5
ii libgdbm3 1.8.3-14
ii libpam0g 1.1.8-3.6
ii libpcre3 2:8.39-3
ii libperl5.24 5.24.1-3
ii libpython2.7 2.7.13-2
ii libreadline7 7.0-3
ii libsqlite3-0 3.16.2-5
ii libssl1.1 1.1.0f-3
ii libtalloc2 2.1.8-1
ii libwbclient0 2:4.5.8+dfsg-2+deb9u1+b1
ii lsb-base 9.20161125
Versions of packages freeradius recommends:
pn freeradius-utils <none>
Versions of packages freeradius suggests:
pn freeradius-krb5 <none>
pn freeradius-ldap <none>
pn freeradius-mysql <none>
pn freeradius-postgresql <none>
pn snmp <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: freeradius
Source-Version: 3.0.15+dfsg-1
We believe that the bug you reported is fixed in the latest version of
freeradius, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Stapelberg <[email protected]> (supplier of updated freeradius
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 18 Jul 2017 20:49:31 +0200
Source: freeradius
Binary: freeradius freeradius-common freeradius-config freeradius-utils
libfreeradius3 libfreeradius-dev freeradius-dhcp freeradius-krb5
freeradius-ldap freeradius-rest freeradius-postgresql freeradius-mysql
freeradius-iodbc freeradius-redis freeradius-memcached freeradius-yubikey
Architecture: source
Version: 3.0.15+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian FreeRADIUS Packaging Team
<[email protected]>
Changed-By: Michael Stapelberg <[email protected]>
Description:
freeradius - high-performance and highly configurable RADIUS server
freeradius-common - FreeRADIUS common files
freeradius-config - FreeRADIUS default config files
freeradius-dhcp - DHCP module for FreeRADIUS server
freeradius-iodbc - iODBC module for FreeRADIUS server
freeradius-krb5 - kerberos module for FreeRADIUS server
freeradius-ldap - LDAP module for FreeRADIUS server
freeradius-memcached - Memcached module for FreeRADIUS server
freeradius-mysql - MySQL module for FreeRADIUS server
freeradius-postgresql - PostgreSQL module for FreeRADIUS server
freeradius-redis - Redis module for FreeRADIUS server
freeradius-rest - REST module for FreeRADIUS server
freeradius-utils - FreeRADIUS client utilities
freeradius-yubikey - Yubikey module for FreeRADIUS server
libfreeradius-dev - FreeRADIUS shared library development files
libfreeradius3 - FreeRADIUS shared library
Closes: 868765
Changes:
freeradius (3.0.15+dfsg-1) unstable; urgency=high
.
* New upstream version 3.0.15+dfsg, addressing the following security issues:
CVE-2017-10978 (denial of service)
CVE-2017-10984 (remote code execution, denial of service)
CVE-2017-10985 (denial of service)
CVE-2017-10983 (denial of service)
CVE-2017-10986 (denial of service)
CVE-2017-10987 (denial of service)
(Closes: #868765)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---