Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2019-1218

Related Vulnerabilities: CVE-2019-11234   CVE-2019-11235  

FreeRADIUS mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.(CVE-2019-11235) FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.(CVE-2019-11234)

Source

ALAS2-2019-1218

Amazon Linux 2 Security Advisory: ALAS-2019-1218
Advisory Release Date: 2019-05-29 19:08 Pacific
Advisory Updated Date: 2019-05-30 20:41 Pacific
Severity: Important
Issue Overview:

FreeRADIUS mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.(CVE-2019-11235)

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.(CVE-2019-11234)


Affected Packages:

freeradius


Issue Correction:
Run yum update freeradius to update your system.

New Packages:
aarch64:
    freeradius-3.0.13-10.amzn2.aarch64
    freeradius-doc-3.0.13-10.amzn2.aarch64
    freeradius-utils-3.0.13-10.amzn2.aarch64
    freeradius-devel-3.0.13-10.amzn2.aarch64
    freeradius-ldap-3.0.13-10.amzn2.aarch64
    freeradius-krb5-3.0.13-10.amzn2.aarch64
    freeradius-perl-3.0.13-10.amzn2.aarch64
    freeradius-python-3.0.13-10.amzn2.aarch64
    freeradius-mysql-3.0.13-10.amzn2.aarch64
    freeradius-postgresql-3.0.13-10.amzn2.aarch64
    freeradius-sqlite-3.0.13-10.amzn2.aarch64
    freeradius-unixODBC-3.0.13-10.amzn2.aarch64
    freeradius-debuginfo-3.0.13-10.amzn2.aarch64

i686:
    freeradius-3.0.13-10.amzn2.i686
    freeradius-doc-3.0.13-10.amzn2.i686
    freeradius-utils-3.0.13-10.amzn2.i686
    freeradius-devel-3.0.13-10.amzn2.i686
    freeradius-ldap-3.0.13-10.amzn2.i686
    freeradius-krb5-3.0.13-10.amzn2.i686
    freeradius-perl-3.0.13-10.amzn2.i686
    freeradius-python-3.0.13-10.amzn2.i686
    freeradius-mysql-3.0.13-10.amzn2.i686
    freeradius-postgresql-3.0.13-10.amzn2.i686
    freeradius-sqlite-3.0.13-10.amzn2.i686
    freeradius-unixODBC-3.0.13-10.amzn2.i686
    freeradius-debuginfo-3.0.13-10.amzn2.i686

src:
    freeradius-3.0.13-10.amzn2.src

x86_64:
    freeradius-3.0.13-10.amzn2.x86_64
    freeradius-doc-3.0.13-10.amzn2.x86_64
    freeradius-utils-3.0.13-10.amzn2.x86_64
    freeradius-devel-3.0.13-10.amzn2.x86_64
    freeradius-ldap-3.0.13-10.amzn2.x86_64
    freeradius-krb5-3.0.13-10.amzn2.x86_64
    freeradius-perl-3.0.13-10.amzn2.x86_64
    freeradius-python-3.0.13-10.amzn2.x86_64
    freeradius-mysql-3.0.13-10.amzn2.x86_64
    freeradius-postgresql-3.0.13-10.amzn2.x86_64
    freeradius-sqlite-3.0.13-10.amzn2.x86_64
    freeradius-unixODBC-3.0.13-10.amzn2.x86_64
    freeradius-debuginfo-3.0.13-10.amzn2.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started