- Issued:
- 2009-12-16
- Updated:
- 2010-03-30
RHBA-2009:1678 - freeradius bug fix update
Synopsis
freeradius bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated freeradius packages that fix a bug are now available.
Description
FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol, as defined in RFC 2865 (and others). It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users. There are also RADIUS clients available for Web servers, firewalls, Unix logins, and more. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the amount of re-configuration which has to be done when adding or deleting new users.
This update addresses the following bug:
-
an error in the EAP authentication module could cause memory corruption. Running the radeapclient utility would typically expose the problem. An error message including text such as this
*** glibc detected *** radeapclient: free(): invalid pointer:
presented and radeapclient would then abort abnormally. This update corrects the error in the EAP authentication module. The module no longer corrupts memory and applications such as radeapclient that use this module work as expected. (BZ#476513)
All freeradius users should install these updated packages, which fix this problem.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
Updated Packages
- freeradius-postgresql-1.1.3-1.6.el5.ia64.rpm
- freeradius-1.1.3-1.6.el5.i386.rpm
- freeradius-mysql-1.1.3-1.6.el5.ia64.rpm
- freeradius-postgresql-1.1.3-1.6.el5.ppc.rpm
- freeradius-mysql-1.1.3-1.6.el5.i386.rpm
- freeradius-unixODBC-1.1.3-1.6.el5.x86_64.rpm
- freeradius-postgresql-1.1.3-1.6.el5.x86_64.rpm
- freeradius-postgresql-1.1.3-1.6.el5.i386.rpm
- freeradius-1.1.3-1.6.el5.s390x.rpm
- freeradius-1.1.3-1.6.el5.ia64.rpm
- freeradius-1.1.3-1.6.el5.ppc.rpm
- freeradius-postgresql-1.1.3-1.6.el5.s390x.rpm
- freeradius-unixODBC-1.1.3-1.6.el5.s390x.rpm
- freeradius-mysql-1.1.3-1.6.el5.x86_64.rpm
- freeradius-mysql-1.1.3-1.6.el5.s390x.rpm
- freeradius-1.1.3-1.6.el5.x86_64.rpm
- freeradius-1.1.3-1.6.el5.src.rpm
- freeradius-mysql-1.1.3-1.6.el5.ppc.rpm
- freeradius-unixODBC-1.1.3-1.6.el5.i386.rpm
- freeradius-unixODBC-1.1.3-1.6.el5.ppc.rpm
- freeradius-unixODBC-1.1.3-1.6.el5.ia64.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.