From: Yi Zhao <[email protected]> ChangeLog: https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_4 https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_5
Security fixes: CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://www.freeradius.org/security/ https://www.blastradius.fail/ https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95 (master rev: 28d82d17c8174ee17271ca43ad7eb2175211cacc) Signed-off-by: Yi Zhao <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Haixiao Yan <[email protected]> --- .../freeradius/{freeradius_3.2.3.bb => freeradius_3.2.5.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-connectivity/freeradius/{freeradius_3.2.3.bb => freeradius_3.2.5.bb} (99%) diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.3.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.5.bb similarity index 99% rename from meta-networking/recipes-connectivity/freeradius/freeradius_3.2.3.bb rename to meta-networking/recipes-connectivity/freeradius/freeradius_3.2.5.bb index 7ea63a65d319..70f249617020 100644 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.3.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.5.bb @@ -39,7 +39,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0 raddbdir = "${sysconfdir}/${MLPREFIX}raddb" -SRCREV = "db3d1924d9a2e8d37c43872932621f69cfdbb099" +SRCREV = "a7acce80f5ba2271d9aeb737a4a91a5bf8317f31" UPSTREAM_CHECK_GITTAGREGEX = "release_(?P<pver>\d+(\_\d+)+)" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#113965): https://lists.openembedded.org/g/openembedded-devel/message/113965 Mute This Topic: https://lists.openembedded.org/mt/109701516/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
