Amazon Linux 1 Security Advisory: ALAS-2023-1699
Advisory Release Date: 2023-03-02 20:22 Pacific
Advisory Updated Date: 2023-03-07 01:56 Pacific
When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. (CVE-2022-41860)
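The missing check described above, shown as an added example (not FreeRADIUS source or part of the original advisory): a decoder for EAP-SIM attributes that tests the dictionary lookup result before using it. The names dict_attr_t, sim_dict, sim_dict_lookup and sim_decode_attrs are hypothetical, the dictionary is a constructed subset, and ignoring unknown types 128-255 follows the skippable-attribute rule of RFC 4186 rather than anything stated in the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical dictionary entry and table: a constructed subset of RFC 4186 types. */
typedef struct { uint8_t type; const char *name; } dict_attr_t;
static const dict_attr_t sim_dict[] = {
    { 1, "AT_RAND" }, { 7, "AT_NONCE_MT" }, { 11, "AT_MAC" }, { 15, "AT_VERSION_LIST" },
};

/* Returns NULL when the type is not in the dictionary (the failing lookup). */
static const dict_attr_t *sim_dict_lookup(uint8_t type)
{
    for (size_t i = 0; i < sizeof(sim_dict) / sizeof(sim_dict[0]); i++)
        if (sim_dict[i].type == type) return &sim_dict[i];
    return NULL;
}

/* Walks attributes: 1-byte type, 1-byte length in 4-byte words, then value.
 * Returns the number of known attributes stored, or -1 to reject the packet. */
int sim_decode_attrs(const uint8_t *buf, size_t len, const char **names, size_t max)
{
    size_t off = 0, count = 0;
    while (off < len) {
        if (len - off < 2) return -1;                 /* truncated header */
        size_t alen = (size_t)buf[off + 1] * 4;
        if (alen == 0 || alen > len - off) return -1; /* zero or overlong length */
        const dict_attr_t *da = sim_dict_lookup(buf[off]);
        /* Unchecked form of the bug class: names[count++] = da->name; */
        if (da == NULL) {
            if (buf[off] < 128) return -1;            /* unknown non-skippable: reject */
        } else {
            if (count == max) return -1;              /* caller's array is full */
            names[count++] = da->name;                /* da is known to be non-NULL */
        }
        off += alen;
    }
    return (int)count;
}

int main(void)
{
    /* Constructed input: unknown type 99, one word long. */
    const uint8_t unknown[] = { 99, 1, 0, 0 };
    const char *names[4];
    printf("unknown option -> %d\n", sim_decode_attrs(unknown, sizeof unknown, names, 4));
    return 0;
}
```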
Affected Packages:
freeradius
Issue Correction:
Run yum update freeradius to update your system.
i686:
freeradius-debuginfo-2.2.6-7.17.amzn1.i686
freeradius-2.2.6-7.17.amzn1.i686
freeradius-utils-2.2.6-7.17.amzn1.i686
freeradius-python-2.2.6-7.17.amzn1.i686
freeradius-krb5-2.2.6-7.17.amzn1.i686
freeradius-perl-2.2.6-7.17.amzn1.i686
freeradius-postgresql-2.2.6-7.17.amzn1.i686
freeradius-unixODBC-2.2.6-7.17.amzn1.i686
freeradius-mysql-2.2.6-7.17.amzn1.i686
freeradius-ldap-2.2.6-7.17.amzn1.i686
src:
freeradius-2.2.6-7.17.amzn1.src
x86_64:
freeradius-ldap-2.2.6-7.17.amzn1.x86_64
freeradius-mysql-2.2.6-7.17.amzn1.x86_64
freeradius-krb5-2.2.6-7.17.amzn1.x86_64
freeradius-unixODBC-2.2.6-7.17.amzn1.x86_64
freeradius-postgresql-2.2.6-7.17.amzn1.x86_64
freeradius-perl-2.2.6-7.17.amzn1.x86_64
freeradius-2.2.6-7.17.amzn1.x86_64
freeradius-python-2.2.6-7.17.amzn1.x86_64
freeradius-debuginfo-2.2.6-7.17.amzn1.x86_64
freeradius-utils-2.2.6-7.17.amzn1.x86_64