Overview

File _patchinfo of Package patchinfo.27524

<patchinfo incident="27524">
  <issue tracker="cve" id="2022-41861"/>
  <issue tracker="cve" id="2022-41859"/>
  <issue tracker="cve" id="2022-41860"/>
  <issue tracker="bnc" id="1206204">VUL-0: CVE-2022-41859: freeradius-server: Information leakage in EAP-PWD</issue>
  <issue tracker="bnc" id="1206206">VUL-0: CVE-2022-41861: freeradius-server: Crash on invalid abinary data</issue>
  <issue tracker="bnc" id="1206205">VUL-0: CVE-2022-41860: freeradius-server: Crash on unknown option in EAP-SIM</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for freeradius-server</summary>
  <description>This update for freeradius-server fixes the following issues:

- CVE-2022-41859: Fixed an issue in EAP-PWD that could leak
  information about the password, which could facilitate dictionary
  attacks (bsc#1206204).
- CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually
  configured, which could be triggered via a malformed SIM option
  (bsc#1206205).
- CVE-2022-41861: Fixed a server crash that could be triggered by
  sending malformed data from a system in the RADIUS circle of trust
  (bsc#1206206).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places