-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:066 http://www.mandriva.com/security/ _______________________________________________________________________ Package : freeradius Date : April 5, 2006 Affected: 2006.0 _______________________________________________________________________ Problem Description: Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4744 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: dbf792c05499b1b0f483e2628e4e3a0c 2006.0/RPMS/freeradius-1.0.4-2.2.20060mdk.i586.rpm 20a499885c152171b4ecf72617301e86 2006.0/RPMS/libfreeradius1-1.0.4-2.2.20060mdk.i586.rpm eb639a959447585207f47499a92a81b6 2006.0/RPMS/libfreeradius1-devel-1.0.4-2.2.20060mdk.i586.rpm a37aecd75fec4406a1d944aea926b63b 2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.2.20060mdk.i586.rpm e5e6c92fdce5c10a999d462dc96f20b3 2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.2.20060mdk.i586.rpm ec0beb94a0016f0da9764fe833a1a41b 2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.2.20060mdk.i586.rpm d5fec5ff3bd6053851e8dbcfddefe535 2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.2.20060mdk.i586.rpm f18a3cdc2cd4b0e3f7d7ceb84cdc34be 2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.2.20060mdk.i586.rpm 750de7e23906aa4f6bbc6a8ed6da295b 2006.0/SRPMS/freeradius-1.0.4-2.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: f75f0826766c30532fbcbbd27ffeccc8 x86_64/2006.0/RPMS/freeradius-1.0.4-2.2.20060mdk.x86_64.rpm 4310dba6f4752ae7b27d15fe0af2a402 x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.2.20060mdk.x86_64.rpm 547dbae3b463e33982ad319c65384a8a x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.2.20060mdk.x86_64.rpm 1fa46e4c163c05bed1a8544f02881782 x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.2.20060mdk.x86_64.rpm 941a65dbf633ce8c27d8177f1e92bcc8 x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.2.20060mdk.x86_64.rpm 524fa1fd942ba855bcc0ca61f809c0df x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.2.20060mdk.x86_64.rpm 401ef07bb964c66a600f4c2d36ba8a55 x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.2.20060mdk.x86_64.rpm d35f0af7da3f4df1ff3d05bcae31244c x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.2.20060mdk.x86_64.rpm 750de7e23906aa4f6bbc6a8ed6da295b x86_64/2006.0/SRPMS/freeradius-1.0.4-2.2.20060mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFENCwEmqjQ0CJFipgRAuPTAJ9FWccQDpjy/26zJJNUDEK7+riKzACfQqD8 krtp8GgCoZ+TdrKKXvoC6E8= =RRZg -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/