Amazon Linux 1 Security Advisory: ALAS-2015-581
Advisory Release Date: 2015-08-17 12:30 Pacific
Advisory Updated Date: 2015-08-17 12:30 Pacific
A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash.
Affected Packages:
freeradius
Issue Correction:
Run yum update freeradius to update your system.
i686:
freeradius-mysql-2.2.6-4.15.amzn1.i686
freeradius-utils-2.2.6-4.15.amzn1.i686
freeradius-debuginfo-2.2.6-4.15.amzn1.i686
freeradius-unixODBC-2.2.6-4.15.amzn1.i686
freeradius-2.2.6-4.15.amzn1.i686
freeradius-perl-2.2.6-4.15.amzn1.i686
freeradius-postgresql-2.2.6-4.15.amzn1.i686
freeradius-ldap-2.2.6-4.15.amzn1.i686
freeradius-krb5-2.2.6-4.15.amzn1.i686
freeradius-python-2.2.6-4.15.amzn1.i686
src:
freeradius-2.2.6-4.15.amzn1.src
x86_64:
freeradius-utils-2.2.6-4.15.amzn1.x86_64
freeradius-mysql-2.2.6-4.15.amzn1.x86_64
freeradius-debuginfo-2.2.6-4.15.amzn1.x86_64
freeradius-perl-2.2.6-4.15.amzn1.x86_64
freeradius-postgresql-2.2.6-4.15.amzn1.x86_64
freeradius-unixODBC-2.2.6-4.15.amzn1.x86_64
freeradius-python-2.2.6-4.15.amzn1.x86_64
freeradius-krb5-2.2.6-4.15.amzn1.x86_64
freeradius-2.2.6-4.15.amzn1.x86_64
freeradius-ldap-2.2.6-4.15.amzn1.x86_64