- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0196 - freeradius2 bug fix and enhancement update
Synopsis
freeradius2 bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated freeradius2 packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 5.
Description
FreeRADIUS is an open-source Remote Authentication Dial In User Service (RADIUS) server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations via the RADIUS protocol.
The freeradius2 packages have been upgraded to upstream version 2.1.12, which provides a number of bug fixes and enhancements over the previous version. (BZ#609633)
These updated freeradius2 packages provide fixes for the following bugs:
-
The documentation of command-line arguments was incomplete and in some cases erroneous; some commands did not have a man page. The man pages and help output were updated to correct these deficiencies. (BZ#546583)
-
Previously, freeradius2 did not respect the core dump configuration flag. Consequently, the radiusd process did not produce a core dump file when it terminated unexpectedly with a segmentation fault. With this update the problem has been fixed, and now if radiusd aborts, a core dump is now generated if the core dump flag is enabled. (BZ#602567)
-
The freeradius-pam-conf configuration file, /etc/pam.d/radiusd, referenced a non-existent pam configuration "password-auth". This has been fixed to refer to "system-auth". (BZ#658508)
-
The previous version of freeradius generated its temporary SSL certificates the first time the server was run with the "-X" debug flag. Now the temporary certificates are created the first time the freeradius RPM is installed. It is no longer necessary to run the server in debug mode to create the initial certificates. (BZ#756442)
-
The radtest command-line argument to request the PPP hint option was not parsed correctly. Consequently, radclient did not add the PPP hint to the request packet and the test failed. This update corrects the problem and radtest now functions as expected. (BZ#760193)
In addition, these updated freeradius2 packages provide the following enhancement:
- The radtest tool did not send a Message-Authenticator by default in an Access-Request. Consequently, radtest could not connect to a RADIUS server if it required the authenticator as per RFC 5080. With this update the problem has been fixed, and now the Message-Authenticator is always sent. (BZ#630072)
Users are advised to upgrade to these updated freeradius2 packages, which fix these bugs and add this enhancement.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
Updated Packages
- freeradius2-ldap-2.1.12-3.el5.x86_64.rpm
- freeradius2-postgresql-2.1.12-3.el5.ppc.rpm
- freeradius2-utils-2.1.12-3.el5.ppc.rpm
- freeradius2-mysql-2.1.12-3.el5.ppc.rpm
- freeradius2-perl-2.1.12-3.el5.s390x.rpm
- freeradius2-2.1.12-3.el5.src.rpm
- freeradius2-postgresql-2.1.12-3.el5.i386.rpm
- freeradius2-utils-2.1.12-3.el5.i386.rpm
- freeradius2-unixODBC-2.1.12-3.el5.i386.rpm
- freeradius2-utils-2.1.12-3.el5.x86_64.rpm
- freeradius2-krb5-2.1.12-3.el5.x86_64.rpm
- freeradius2-unixODBC-2.1.12-3.el5.x86_64.rpm
- freeradius2-krb5-2.1.12-3.el5.s390x.rpm
- freeradius2-krb5-2.1.12-3.el5.ia64.rpm
- freeradius2-utils-2.1.12-3.el5.ia64.rpm
- freeradius2-postgresql-2.1.12-3.el5.ia64.rpm
- freeradius2-python-2.1.12-3.el5.ia64.rpm
- freeradius2-python-2.1.12-3.el5.s390x.rpm
- freeradius2-mysql-2.1.12-3.el5.x86_64.rpm
- freeradius2-unixODBC-2.1.12-3.el5.s390x.rpm
- freeradius2-perl-2.1.12-3.el5.x86_64.rpm
- freeradius2-python-2.1.12-3.el5.ppc.rpm
- freeradius2-perl-2.1.12-3.el5.i386.rpm
- freeradius2-unixODBC-2.1.12-3.el5.ppc.rpm
- freeradius2-2.1.12-3.el5.s390x.rpm
- freeradius2-mysql-2.1.12-3.el5.i386.rpm
- freeradius2-postgresql-2.1.12-3.el5.x86_64.rpm
- freeradius2-ldap-2.1.12-3.el5.s390x.rpm
- freeradius2-python-2.1.12-3.el5.i386.rpm
- freeradius2-mysql-2.1.12-3.el5.s390x.rpm
- freeradius2-ldap-2.1.12-3.el5.i386.rpm
- freeradius2-krb5-2.1.12-3.el5.i386.rpm
- freeradius2-perl-2.1.12-3.el5.ppc.rpm
- freeradius2-ldap-2.1.12-3.el5.ia64.rpm
- freeradius2-2.1.12-3.el5.ia64.rpm
- freeradius2-postgresql-2.1.12-3.el5.s390x.rpm
- freeradius2-2.1.12-3.el5.i386.rpm
- freeradius2-2.1.12-3.el5.ppc.rpm
- freeradius2-2.1.12-3.el5.x86_64.rpm
- freeradius2-perl-2.1.12-3.el5.ia64.rpm
- freeradius2-unixODBC-2.1.12-3.el5.ia64.rpm
- freeradius2-ldap-2.1.12-3.el5.ppc.rpm
- freeradius2-krb5-2.1.12-3.el5.ppc.rpm
- freeradius2-python-2.1.12-3.el5.x86_64.rpm
- freeradius2-mysql-2.1.12-3.el5.ia64.rpm
- freeradius2-utils-2.1.12-3.el5.s390x.rpm
Fixes
- This content is not included.BZ - 546583
- This content is not included.BZ - 602567
- This content is not included.BZ - 609633
- This content is not included.BZ - 658508
- This content is not included.BZ - 756442
- This content is not included.BZ - 760193
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.