Publishing details
Changelog
freeradius (3.0.16+dfsg-1ubuntu3.1) bionic-security; urgency=medium
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2019-11234-and-2019-11235-*.patch: fix
by assuring the received scalar lies within the valid
range, and by checking that the received element is not the
point at infinity and lies on the elliptic curve being used
in src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c.
- CVE-2019-11234
- CVE-2019-11235
-- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Apr 2019 09:59:55 -0300
Builds
Package files