ALAS-2015-581


Amazon Linux AMI Security Advisory: ALAS-2015-581
Advisory Release Date: 2015-08-17 12:30 Pacific
Severity: Medium

Issue Overview:

A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash.


Affected Packages:

freeradius


Issue Correction:
Run yum update freeradius to update your system.

New Packages:
i686:
    freeradius-mysql-2.2.6-4.15.amzn1.i686
    freeradius-utils-2.2.6-4.15.amzn1.i686
    freeradius-debuginfo-2.2.6-4.15.amzn1.i686
    freeradius-unixODBC-2.2.6-4.15.amzn1.i686
    freeradius-2.2.6-4.15.amzn1.i686
    freeradius-perl-2.2.6-4.15.amzn1.i686
    freeradius-postgresql-2.2.6-4.15.amzn1.i686
    freeradius-ldap-2.2.6-4.15.amzn1.i686
    freeradius-krb5-2.2.6-4.15.amzn1.i686
    freeradius-python-2.2.6-4.15.amzn1.i686

src:
    freeradius-2.2.6-4.15.amzn1.src

x86_64:
    freeradius-utils-2.2.6-4.15.amzn1.x86_64
    freeradius-mysql-2.2.6-4.15.amzn1.x86_64
    freeradius-debuginfo-2.2.6-4.15.amzn1.x86_64
    freeradius-perl-2.2.6-4.15.amzn1.x86_64
    freeradius-postgresql-2.2.6-4.15.amzn1.x86_64
    freeradius-unixODBC-2.2.6-4.15.amzn1.x86_64
    freeradius-python-2.2.6-4.15.amzn1.x86_64
    freeradius-krb5-2.2.6-4.15.amzn1.x86_64
    freeradius-2.2.6-4.15.amzn1.x86_64
    freeradius-ldap-2.2.6-4.15.amzn1.x86_64