[Bug 106006] Re: CVE-2007-2028: vulnerable to memory exhaustion via malformed Diameter format attributes inside of an EAP-TTLS tunnel

William Grant Mon, 03 Dec 2007 20:11:55 -0800

freeradius (1.1.3-3ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service in EAP-TTLS module (LP: #106006).
  * debian/patches/04_CVE-2007-2028.dpatch: Properly free VALUE_PAIR
    structures on rejected authentication, to avoid memory leaks. Patch from
    Red Hat Bugzilla.
  * References
    CVE-2007-2028


 -- William Grant <[EMAIL PROTECTED]>   Tue, 20 Nov 2007
20:10:45 +1100

** Changed in: freeradius (Ubuntu Feisty)
       Status: Fix Committed => Fix Released

-- 
CVE-2007-2028: vulnerable to memory exhaustion via malformed Diameter format 
attributes inside of an EAP-TTLS tunnel
https://bugs.launchpad.net/bugs/106006
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 106006] Re: CVE-2007-2028: vulnerable to memory exhaustion via malformed Diameter format attributes inside of an EAP-TTLS tunnel

Reply via email to