Package name: freeradius
Date: April 5th, 2006
Advisory ID: MDKSA-2006:066
Affected versions: 2006.0

Problem Description

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS
might allow remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code by causing the external database query to fail.

Updated packages have been patched to correct this issue.

Updated Packages

Mandriva Linux 2006

 dbf792c05499b1b0f483e2628e4e3a0c  2006.0/RPMS/freeradius-1.0.4-2.2.20060mdk.i586.rpm
 20a499885c152171b4ecf72617301e86  2006.0/RPMS/libfreeradius1-1.0.4-2.2.20060mdk.i586.rpm
 eb639a959447585207f47499a92a81b6  2006.0/RPMS/libfreeradius1-devel-1.0.4-2.2.20060mdk.i586.rpm
 a37aecd75fec4406a1d944aea926b63b  2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.2.20060mdk.i586.rpm
 e5e6c92fdce5c10a999d462dc96f20b3  2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.2.20060mdk.i586.rpm
 ec0beb94a0016f0da9764fe833a1a41b  2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.2.20060mdk.i586.rpm
 d5fec5ff3bd6053851e8dbcfddefe535  2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.2.20060mdk.i586.rpm
 f18a3cdc2cd4b0e3f7d7ceb84cdc34be  2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.2.20060mdk.i586.rpm
 750de7e23906aa4f6bbc6a8ed6da295b  2006.0/SRPMS/freeradius-1.0.4-2.2.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 f75f0826766c30532fbcbbd27ffeccc8  x86_64/2006.0/RPMS/freeradius-1.0.4-2.2.20060mdk.x86_64.rpm
 4310dba6f4752ae7b27d15fe0af2a402  x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.2.20060mdk.x86_64.rpm
 547dbae3b463e33982ad319c65384a8a  x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.2.20060mdk.x86_64.rpm
 1fa46e4c163c05bed1a8544f02881782  x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.2.20060mdk.x86_64.rpm
 941a65dbf633ce8c27d8177f1e92bcc8  x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.2.20060mdk.x86_64.rpm
 524fa1fd942ba855bcc0ca61f809c0df  x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.2.20060mdk.x86_64.rpm
 401ef07bb964c66a600f4c2d36ba8a55  x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.2.20060mdk.x86_64.rpm
 d35f0af7da3f4df1ff3d05bcae31244c  x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.2.20060mdk.x86_64.rpm
 750de7e23906aa4f6bbc6a8ed6da295b  x86_64/2006.0/SRPMS/freeradius-1.0.4-2.2.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4744

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
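
For a manual download, both checks can be scripted. The following is an added example, not part of the Mandriva advisory: `check_md5` and `check_sig` are hypothetical helper names, the manifest is assumed to be the checksum lines from "Updated Packages" saved to a text file, and `md5sum` from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Constructed helper names; manifest = the advisory's "<md5>  <path>" lines
# saved to a file (headings and blank lines are skipped).

# check_md5 MANIFEST DIR
# Returns 0 only if at least one package is listed and every listed package
# exists in DIR with a matching MD5. MD5 catches a corrupted or wrong
# download; authenticity comes from the GPG signature (check_sig below).
check_md5() {
    manifest=$1 dir=$2 rc=0 seen=0
    while read -r want path || [ -n "$want" ]; do
        case $want in
            ''|*[!0-9a-f]*) continue ;;      # blank line or heading
        esac
        [ "${#want}" -eq 32 ] || continue    # not an MD5 digest
        seen=$((seen + 1))
        name=${path##*/}                     # manifest paths are repo-relative
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"; rc=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; rc=1
        fi
    done < "$manifest"
    [ "$seen" -gt 0 ] || { echo "no checksum lines in $manifest"; rc=1; }
    return "$rc"
}

# check_sig FILE...
# Runs the advisory's command on each package; the signing key must already
# be in the rpm keyring, otherwise the signature cannot be verified.
check_sig() {
    for f in "$@"; do
        rpm --checksig "$f" || return 1
    done
}
```

Run `check_md5 manifest.txt ./downloads && check_sig ./downloads/*.rpm` and install only if both succeed.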