File _patchinfo of Package patchinfo.10993
<patchinfo incident="10993">
<issue tracker="cve" id="2019-11234"/>
<issue tracker="cve" id="2019-11235"/>
<issue tracker="bnc" id="1132664">VUL-0: CVE-2019-11234: freeradius-server,freeradius: eap-pwd: fake authentication using reflection</issue>
<issue tracker="bnc" id="1132549">VUL-0: CVE-2019-11235: freeradius-server: freeradius: eap-pwd: authentication bypass via an invalid curve attack</issue>
<packager>adamm</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for freeradius-server</summary>
<description>This update for freeradius-server fixes the following issues:
Security issues fixed:
- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664).
</description>
</patchinfo>