Fedora has issued an advisory today (December 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GZM4O5MGLKNOE2SSXAXQNL5DSII556QA/ The issues are apparently fixed upstream in 3.0.26. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 3.0.26
Whiteboard: (none) => MGA8TOO
No particular packager visible for this SRPM, so assigning the bug globally.
Assignee: bugsquad => pkg-bugs
openSUSE has issued an advisory for this today (December 27): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGQKLVAIGSOB2CSLQ2ASBK2MJAHL4LCI/
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Information leakage in EAP-PWD. (CVE-2022-41859)

Crash on unknown option in EAP-SIM. (CVE-2022-41860)

Crash on invalid abinary data. (CVE-2022-41861)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41861
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GZM4O5MGLKNOE2SSXAXQNL5DSII556QA/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGQKLVAIGSOB2CSLQ2ASBK2MJAHL4LCI/
========================

Updated packages in core/updates_testing:
========================
freeradius-3.0.22-1.1.mga8
freeradius-krb5-3.0.22-1.1.mga8
freeradius-ldap-3.0.22-1.1.mga8
freeradius-mysql-3.0.22-1.1.mga8
freeradius-postgresql-3.0.22-1.1.mga8
freeradius-sqlite-3.0.22-1.1.mga8
freeradius-unixODBC-3.0.22-1.1.mga8
freeradius-yubikey-3.0.22-1.1.mga8
lib(64)freeradius1-3.0.22-1.1.mga8
lib(64)freeradius-devel-3.0.22-1.1.mga8

from SRPM:
freeradius-3.0.22-1.1.mga8.src.rpm
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Source RPM: freeradius-3.0.25-4.mga9.src.rpm => freeradius-3.0.22-1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 8
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 3.0.26 => (none)
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 29059 Comment 6 for testing

# systemctl start radiusd
# systemctl -l status radiusd
● radiusd.service - FreeRADIUS high performance RADIUS server.
     Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-12-29 11:55:13 CET; 14s ago
    Process: 6760 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
    Process: 6818 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
   Main PID: 6844 (radiusd)
      Tasks: 6 (limit: 4364)
     Memory: 78.0M
        CPU: 730ms
     CGroup: /system.slice/radiusd.service
             └─6844 /usr/sbin/radiusd -d /etc/raddb

Dec 29 11:55:12 mach7.hviaene.thuis systemd[1]: Starting FreeRADIUS high performance RADIUS server....
Dec 29 11:55:13 mach7.hviaene.thuis systemd[1]: Started FreeRADIUS high performance RADIUS server..

# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd
# systemctl -l status radiusd
● radiusd.service - FreeRADIUS high performance RADIUS server.
     Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-12-29 11:57:16 CET; 6s ago
    Process: 8480 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
    Process: 8482 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
   Main PID: 8484 (radiusd)
      Tasks: 6 (limit: 4364)
     Memory: 77.5M
        CPU: 728ms
     CGroup: /system.slice/radiusd.service
             └─8484 /usr/sbin/radiusd -d /etc/raddb

Dec 29 11:57:16 mach7.hviaene.thuis systemd[1]: Starting FreeRADIUS high performance RADIUS server....
Dec 29 11:57:16 mach7.hviaene.thuis systemd[1]: Started FreeRADIUS high performance RADIUS server..

# radtest testing password 127.0.0.1 0 testing123
Sent Access-Request Id 13 from 0.0.0.0:59162 to 127.0.0.1:1812 length 77
        User-Name = "testing"
        User-Password = "password"
        NAS-IP-Address = 192.168.2.7
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "password"
Received Access-Accept Id 13 from 127.0.0.1:1812 to 127.0.0.1:59162 length 20

Looks all OK
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0482.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED