MGASA-2015-0291

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0291.html

Import Source

https://advisories.mageia.org/MGASA-2015-0291.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2015-0291

Related

CVE-2015-4680

Published

2015-07-28T21:01:59Z

Modified

2015-07-28T20:46:58Z

Summary

Updated freeradius package fixes security vulnerability

Details

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS (CVE-2015-4680).

The freeradius package has been updated to version 2.2.8, which fixes this issue, as well as the failure to run on Mageia 5 due to an OpenSSL issue.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2015-0291

Affected packages