Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#38959 - [freeradius] security patch for Use CVE-2014-2015.
Attached to Project:
Community Packages
Opened by RbN (RbN) - Tuesday, 18 February 2014, 21:25 GMT
Last edited by Sergej Pupykin (sergej) - Wednesday, 19 February 2014, 08:37 GMT
Opened by RbN (RbN) - Tuesday, 18 February 2014, 21:25 GMT
Last edited by Sergej Pupykin (sergej) - Wednesday, 19 February 2014, 08:37 GMT
|
DetailsDescription (from oss-sec[0]):
"SSHA (and presumably SSHA) processing runs into a stack-based buffer overflow in the freeradius rlm_pap module if the password source uses an unusually long hashed password" Resolution: apply patch [1] Steps to reproduce: [0] http://openwall.com/lists/oss-security/2014/02/16/1 [1] https://github.com/FreeRADIUS/freeradius-server/commit/ff5147c9e5088c7.patch |
This task depends upon