The freeradius update to 3.2.5 enabled a new binary and two new modules,
as part of the BlastRADIUS vulnerability (CVE-2024-3596) mitigations:

+  * New upstream version 3.2.5+dfsg
+    This release adds a few hardening mitigations for the BlastRADIUS protocol
+    vulnerability (CVE-2024-3596).
+    - add new radsecret binary
+    - add new rlm_dpsk and rlm_eap_teap modules

The new libconvert-base32-perl and libcrypt-urandom-perl dependencies
come from radsecret, which is this 3-liner:

#!/usr/bin/env perl
#
#  A tool which generates strong shared secrets.
#
use Convert::Base32;
use Crypt::URandom();
print join('-', unpack("(A4)*", lc encode_base32(Crypt::URandom::urandom(12)))), "\n";

There has to be a different way to do this that does not involve moving
these perl modules to main...


$ src/main/radsecret 
voaq-pxzx-a5bc-5pvf-woua

$ src/main/radsecret 
e7y3-vqwl-dd2j-bxz2-tmuq


** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3596

https://bugs.launchpad.net/bugs/2073269

Title:
  [MIR] libconvert-base32-perl and libcrypt-urandom-perl
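
Added example, not part of the original bug report and not FreeRADIUS code: the secret format that radsecret emits (12 random bytes, unpadded lower-case base32, groups of four joined by '-'), produced and parsed with the Python standard library only. The function names are assumptions made for this illustration.

```python
import base64
import re
import secrets

SECRET_BYTES = 12  # radsecret reads 12 bytes from urandom, i.e. 96 bits

# Five groups of four lower-case base32 characters, as in the sample output.
_FORMAT = re.compile(r"[a-z2-7]{4}(?:-[a-z2-7]{4}){4}")


def format_secret(raw: bytes) -> str:
    """Encode raw bytes the way radsecret prints them."""
    # b32encode pads with '=' and uses upper case; Convert::Base32 does neither.
    text = base64.b32encode(raw).decode("ascii").rstrip("=").lower()
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))


def generate_secret() -> str:
    """Return a fresh shared secret drawn from the OS CSPRNG."""
    return format_secret(secrets.token_bytes(SECRET_BYTES))


def parse_secret(secret: str) -> bytes:
    """Recover the 12 raw bytes; raise ValueError on any other format."""
    if not _FORMAT.fullmatch(secret):
        raise ValueError("not in radsecret format")
    text = secret.replace("-", "").upper()
    text += "=" * (-len(text) % 8)  # restore the padding b32decode expects
    return base64.b32decode(text)


if __name__ == "__main__":
    print(generate_secret())
```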
