File _patchinfo of Package patchinfo.10993

<patchinfo incident="10993">
  <issue tracker="cve" id="2019-11234"/>
  <issue tracker="cve" id="2019-11235"/>
  <issue tracker="bnc" id="1132664">VUL-0: CVE-2019-11234: freeradius-server,freeradius: eap-pwd: fake authentication using reflection</issue>
  <issue tracker="bnc" id="1132549">VUL-0: CVE-2019-11235: freeradius-server: freeradius: eap-pwd: authentication bypass via an invalid curve attack</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for freeradius-server</summary>
  <description>This update for freeradius-server fixes the following issues:

Security issues fixed:

- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664).
</description>
</patchinfo>
Places

File _patchinfo of Package patchinfo.10993

Places
