Security update for freeradius-server
This update for freeradius-server fixes the following issues:
Security issues fixed:
- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Adam Majer (adamm)
Fixed bugs
bnc#1132664
VUL-0: CVE-2019-11234: freeradius-server,freeradius: eap-pwd: fake authentication using reflection
bnc#1132549
VUL-0: CVE-2019-11235: freeradius-server: freeradius: eap-pwd: authentication bypass via an invalid curve attack
