Fedora has issued an advisory on June 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/ The issue is fixed upstream in 3.0.20, which also fixes another security issue: https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
No registered maintainer, assigning globally. CC DavidG as a recent committer.
Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210
Done for both Cauldron and mga7!
Advisory:
========================

Updated freeradius packages fix security vulnerabilities:

It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user (CVE-2019-10143).

Denial of service issues due to multithreaded BN_CTX access (CVE-2019-17185).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17185
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/
========================

Updated packages in core/updates_testing:
========================
freeradius-3.0.20-1.mga7
freeradius-krb5-3.0.20-1.mga7
freeradius-ldap-3.0.20-1.mga7
freeradius-postgresql-3.0.20-1.mga7
freeradius-mysql-3.0.20-1.mga7
freeradius-unixODBC-3.0.20-1.mga7
freeradius-sqlite-3.0.20-1.mga7
freeradius-yubikey-3.0.20-1.mga7
libfreeradius1-3.0.20-1.mga7
libfreeradius-devel-3.0.20-1.mga7

from freeradius-3.0.20-1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Fedora has issued an advisory on December 1: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/USTITI4A3TVUX3SGO7TJCJ4WWFBZFWLZ/ This has another CVE fixed in 3.0.20.
Summary: freeradius new security issue CVE-2019-10143 and CVE-2019-17185 => freeradius new security issue CVE-2019-10143, CVE-2019-13456, and CVE-2019-17185
Advisory:
========================

Updated freeradius packages fix security vulnerabilities:

It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user (CVE-2019-10143).

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks (CVE-2019-13456).

Denial of service issues due to multithreaded BN_CTX access (CVE-2019-17185).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17185
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/USTITI4A3TVUX3SGO7TJCJ4WWFBZFWLZ/
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref bug 24762 Comment 5 for testing

# systemctl start radiusd
# systemctl -l status radiusd
● radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-01-02 16:14:48 CET; 14s ago
  Process: 2739 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
  Process: 2742 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
 Main PID: 2744 (radiusd)
   Memory: 78.1M
   CGroup: /system.slice/radiusd.service
           └─2744 /usr/sbin/radiusd -d /etc/raddb

jan 02 16:14:47 mach5.hviaene.thuis systemd[1]: Starting FreeRADIUS high performance RADIUS server....
jan 02 16:14:48 mach5.hviaene.thuis systemd[1]: Started FreeRADIUS high performance RADIUS server..

# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd
# radtest testing password 127.0.0.1 0 testing123
Sent Access-Request Id 69 from 0.0.0.0:49350 to 127.0.0.1:1812 length 77
	User-Name = "testing"
	User-Password = "password"
	NAS-IP-Address = 192.168.2.5
	NAS-Port = 0
	Message-Authenticator = 0x00
	Cleartext-Password = "password"
Received Access-Accept Id 69 from 127.0.0.1:1812 to 127.0.0.1:49350 length 20

All seems OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 5.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0007.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED