Overview

File _patchinfo of Package patchinfo.14500

<patchinfo incident="14500">
  <issue tracker="cve" id="2019-13456"/>
  <issue tracker="cve" id="2019-17185"/>
  <issue tracker="bnc" id="1146848">freeradius still continues establish connection evern with cert error and softfail set as no</issue>
  <issue tracker="bnc" id="1166847">VUL-0: CVE-2019-17185: freeradius-server: Fix DoS issues due to multithreaded BN_CTX access</issue>
  <issue tracker="bnc" id="1144524">VUL-0: CVE-2019-13456: freeradius-server:  no validation of peer's scalar and elliptic curve point when processing an EAP-pwd Commit frame may lead to authentication bypass</issue>
  <packager>adamm</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for freeradius-server</summary>
  <description>This update for freeradius-server fixes the following issues:

- CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd
  (bsc#1144524).
- CVE-2019-17185: Fixed a debial of service due to multithreaded
  BN_CTX access (bsc#1166847).
- Fixed an issue in TLS-EAP where the OCSP verification, when an 
  intermediate client certificate was not explicitly trusted 
  (bsc#1146848).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places