SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for freeradius-libs-1.1.6-1tr.i586.rpm :
Mon Apr 16 14:00:00 2007 Nived Gopalan 1.1.6-1tr
- New upstream.
- SECURITY Fix: A security issue has been reported in FreeRADIUS,
caused due to a memory leak within the handling of certain malformed
diameter format values inside an EAP-TTLS tunnel. This can be
exploited to exhaust all available memory by sending a large number
of malformed authentication requests to a vulnerable server.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2007-2028 to this issue.

Mon Feb 26 13:00:00 2007 Nived Gopalan
- Rebuilt

Tue Feb 6 13:00:00 2007 Bipin S 1.1.4-1tr
- New upstream.
- Rebuild with postgresql 8.2.2.

Fri Jan 19 13:00:00 2007 Nived Gopalan 1.1.1-2tr
- Rebuilt with mysql 5.0.x.

Wed Apr 5 14:00:00 2006 Nived Gopalan 1.1.1-1tr
- New upstream.
- SECURITY Fix: A vulnerability has been reported in FreeRADIUS
caused due to an input validation error in the EAP-MSCHAPv2 state
machine. This can be exploited by manipulating the state machine
on a client system to bypass server authentication checks. Successful
exploitation may allow the attacker to gain network access without
requiring knowledge of logon credentials or cause the server to crash.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-1354 to this issue.

Thu Oct 13 14:00:00 2005 Ajith Thampi 1.0.4-2tr
- enable shared now
- fix dependencies
- fix undefined symbol nscd_flush_cache breaking radiusd daemon

Fri Jun 24 14:00:00 2005 Hasher J 1.0.4-1tr
- New upstream.
- Fix installation problem.
Increase a buffer size, so radrelay doesn\'t truncate values.
Updates in the documentation. Patches from Thor Spruyt.
- Security Fixes
Always escape the strings in the SQL module.
Check buffer bound when input character needs escaping in
the SQL module. Bug found by Primoz Bratanic.

Thu May 19 14:00:00 2005 Syed Shabir Zakiullah 1.0.2-5tr
- Security Fix: Potential SQL Injection and Buffer Overflow Vulnerabilities.
- A boundary error in the \"sql_escape_func()\" function in rlm_sql.c
can potentially be exploited to cause a buffer overflow via specially
crafted input that needs escaping.

- Missing sanitation when calling the \"radius_xlat()\" function in
rlm_sql.c can potentially be exploited by authenticated users to
manipulate SQL queries by injecting arbitrary SQL code.

Wed Apr 20 14:00:00 2005 Ajith Thampi 1.0.2-4tr
- Rebuilt for postgresql-8.0.2
- Changed to new init priority

Tue Apr 12 14:00:00 2005 Raghu 1.0.2-3tr
- Rebuilt for openldap-2.2.24

Tue Apr 12 14:00:00 2005 Raghu 1.0.2-2tr
- Rebuilt for openldap-2.2.9

Tue Apr 5 14:00:00 2005 Syed Shabir Zakiullah 1.0.2-1tr
- Initial Spec for TSL-3.0


  
ICM