Overview

File _patchinfo of Package patchinfo.18281

<patchinfo incident="18281">
  <issue tracker="cve" id="2022-41861"/>
  <issue tracker="cve" id="2022-41859"/>
  <issue tracker="cve" id="2022-41860"/>
  <issue tracker="bnc" id="1206206">VUL-0: CVE-2022-41861: freeradius-server: Crash on invalid abinary data</issue>
  <issue tracker="bnc" id="1206205">VUL-0: CVE-2022-41860: freeradius-server: Crash on unknown option in EAP-SIM</issue>
  <issue tracker="bnc" id="1206204">VUL-0: CVE-2022-41859: freeradius-server: Information leakage in EAP-PWD</issue>
  <issue tracker="bnc" id="1180525">VUL-0: freeradius-server: logrotate drop-in config file /etc/logrotate.d/radiusd messes with global settings</issue>
  <issue tracker="bnc" id="1184016">VUL-0: freeradius-server: freeradius logs sensitive information in logs</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for freeradius-server</summary>
  <description>This update for freeradius-server fixes the following issues:

- CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204).
- CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205).
- CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206).
- move logrotate options into specific parts for each log as "global" options
  will persist past and clobber global options in the main logrotate config (bsc#1180525)
- Fixed plaintext password entries in logfiles (bsc#1184016).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places