Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-1287)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123067

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-1287)

Resumen: The remote host is missing an update for the 'freeradius' package(s) announced via the ELSA-2015-1287 advisory.

Descripción: Summary:
The remote host is missing an update for the 'freeradius' package(s) announced via the ELSA-2015-1287 advisory.

Vulnerability Insight:
[2.2.6-4]
- Move OpenSSL init out of version check
Resolves: Bug#1189394 radiusd segfaults after update
- Comment-out ippool-dhcp.conf inclusion
Resolves: Bug#1189386 radiusd fails to start after 'clean' installation

[2.2.6-3]
- Disable OpenSSL version check
Resolves: Bug#1189011

[2.2.6-2]
- Fix a number of new Coverity errors and compiler warnings.
Resolves: Bug#1188598

[2.2.6-1]
- Upgrade to the latest upstream release v2.2.6
Resolves: Bug#921563 raddebug not working correctly
Resolves: Bug#921567 raddebug -t 0 exists immediately
Resolves: Bug#1060319 MSCHAP Authentication is not working using automatic
windows user credentials
Resolves: Bug#1078736 Rebase FreeRADIUS to 2.2.4
Resolves: Bug#1135439 Default message digest defaults to sha1
Resolves: Bug#1142669 EAP-TLS and OCSP validation causing segmentation
fault
Resolves: Bug#1173388 dictionary.mikrotik missing Attributes
- Remove radutmp rotation
Resolves: Bug#904578 radutmp should not rotate
- Check for start_servers not exceeding max_servers
Resolves: Bug#1146828 radiusd silently fails when start_servers is higher
than max_servers

Affected Software/OS:
'freeradius' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-2015
BugTraq ID: 65581
http://www.securityfocus.com/bid/65581
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html
http://www.openwall.com/lists/oss-security/2014/02/18/3
RedHat Security Advisories: RHSA-2015:1287
http://rhn.redhat.com/errata/RHSA-2015-1287.html
http://ubuntu.com/usn/usn-2122-1

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123067
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-1287)
Resumen:	The remote host is missing an update for the 'freeradius' package(s) announced via the ELSA-2015-1287 advisory.
Descripción:	Summary: The remote host is missing an update for the 'freeradius' package(s) announced via the ELSA-2015-1287 advisory. Vulnerability Insight: [2.2.6-4] - Move OpenSSL init out of version check Resolves: Bug#1189394 radiusd segfaults after update - Comment-out ippool-dhcp.conf inclusion Resolves: Bug#1189386 radiusd fails to start after 'clean' installation [2.2.6-3] - Disable OpenSSL version check Resolves: Bug#1189011 [2.2.6-2] - Fix a number of new Coverity errors and compiler warnings. Resolves: Bug#1188598 [2.2.6-1] - Upgrade to the latest upstream release v2.2.6 Resolves: Bug#921563 raddebug not working correctly Resolves: Bug#921567 raddebug -t 0 exists immediately Resolves: Bug#1060319 MSCHAP Authentication is not working using automatic windows user credentials Resolves: Bug#1078736 Rebase FreeRADIUS to 2.2.4 Resolves: Bug#1135439 Default message digest defaults to sha1 Resolves: Bug#1142669 EAP-TLS and OCSP validation causing segmentation fault Resolves: Bug#1173388 dictionary.mikrotik missing Attributes - Remove radutmp rotation Resolves: Bug#904578 radutmp should not rotate - Check for start_servers not exceeding max_servers Resolves: Bug#1146828 radiusd silently fails when start_servers is higher than max_servers Affected Software/OS: 'freeradius' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2015 BugTraq ID: 65581 http://www.securityfocus.com/bid/65581 http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html http://www.openwall.com/lists/oss-security/2014/02/18/3 RedHat Security Advisories: RHSA-2015:1287 http://rhn.redhat.com/errata/RHSA-2015-1287.html http://ubuntu.com/usn/usn-2122-1
Copyright	Copyright (C) 2015 Greenbone AG