red hat 보안 업데이트 권고

 FreeRADIUS는 네트워크에 중앙 인증 및 권한 부여를 허용하도록 설계된 고성능의 구성 가능한 무료 원격 인증 다이얼 인 사용자 서비스 서버입니다. 

보안 수정 : FreeRADIUS의 EAP 모듈이 TLS 세션 재개를 처리하는 방식에서 인증 우회 결함이 발견되었습니다. 

인증되지 않은 원격 공격자는이 결함을 잠재적으로 사용하여 이전의 인증되지 않은 TLS 세션을 다시 시작하여

 FreeRADIUS의 내부 인증 검사를 우회 할 수 있습니다.

=====================================================================

                   Red Hat Security Advisory

Synopsis:          Important: freeradius security update

Advisory ID:       RHSA-2017:1581-01

Product:           Red Hat Enterprise Linux

Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1581

Issue date:        2017-06-28

CVE Names:         CVE-2017-9148 

=====================================================================

1. Summary:

An update for freeradius is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact

of Important. A Common Vulnerability Scoring System (CVSS) base score,

which gives a detailed severity rating, is available for each vulnerability

from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote

Authentication Dial In User Service (RADIUS) server, designed to allow

centralized authentication and authorization for a network.

Security Fix(es):

* An authentication bypass flaw was found in the way the EAP module in

FreeRADIUS handled TLS session resumption. A remote unauthenticated

attacker could potentially use this flaw to bypass the inner authentication

check in FreeRADIUS by resuming an older unauthenticated TLS session.

(CVE-2017-9148)

4. Solution:

For details on how to apply this update, which includes the changes

described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1456697 - CVE-2017-9148 freeradius: TLS resumption authentication bypass

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:

freeradius-3.0.4-8.el7_3.src.rpm

aarch64:

freeradius-3.0.4-8.el7_3.aarch64.rpm

freeradius-debuginfo-3.0.4-8.el7_3.aarch64.rpm

ppc64:

freeradius-3.0.4-8.el7_3.ppc64.rpm

freeradius-debuginfo-3.0.4-8.el7_3.ppc64.rpm

ppc64le:

freeradius-3.0.4-8.el7_3.ppc64le.rpm

freeradius-debuginfo-3.0.4-8.el7_3.ppc64le.rpm

s390x:

freeradius-3.0.4-8.el7_3.s390x.rpm

freeradius-debuginfo-3.0.4-8.el7_3.s390x.rpm

x86_64:

freeradius-3.0.4-8.el7_3.x86_64.rpm

freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:

freeradius-debuginfo-3.0.4-8.el7_3.aarch64.rpm

freeradius-devel-3.0.4-8.el7_3.aarch64.rpm

freeradius-doc-3.0.4-8.el7_3.aarch64.rpm

freeradius-krb5-3.0.4-8.el7_3.aarch64.rpm

freeradius-ldap-3.0.4-8.el7_3.aarch64.rpm

freeradius-mysql-3.0.4-8.el7_3.aarch64.rpm

freeradius-perl-3.0.4-8.el7_3.aarch64.rpm

freeradius-postgresql-3.0.4-8.el7_3.aarch64.rpm

freeradius-python-3.0.4-8.el7_3.aarch64.rpm

freeradius-sqlite-3.0.4-8.el7_3.aarch64.rpm

freeradius-unixODBC-3.0.4-8.el7_3.aarch64.rpm

freeradius-utils-3.0.4-8.el7_3.aarch64.rpm

ppc64:

freeradius-debuginfo-3.0.4-8.el7_3.ppc.rpm

freeradius-debuginfo-3.0.4-8.el7_3.ppc64.rpm

freeradius-devel-3.0.4-8.el7_3.ppc.rpm

freeradius-devel-3.0.4-8.el7_3.ppc64.rpm

freeradius-doc-3.0.4-8.el7_3.ppc64.rpm

freeradius-krb5-3.0.4-8.el7_3.ppc64.rpm

freeradius-ldap-3.0.4-8.el7_3.ppc64.rpm

freeradius-mysql-3.0.4-8.el7_3.ppc64.rpm

freeradius-perl-3.0.4-8.el7_3.ppc64.rpm

freeradius-postgresql-3.0.4-8.el7_3.ppc64.rpm

freeradius-python-3.0.4-8.el7_3.ppc64.rpm

freeradius-sqlite-3.0.4-8.el7_3.ppc64.rpm

freeradius-unixODBC-3.0.4-8.el7_3.ppc64.rpm

freeradius-utils-3.0.4-8.el7_3.ppc64.rpm

ppc64le:

freeradius-debuginfo-3.0.4-8.el7_3.ppc64le.rpm

freeradius-devel-3.0.4-8.el7_3.ppc64le.rpm

freeradius-doc-3.0.4-8.el7_3.ppc64le.rpm

freeradius-krb5-3.0.4-8.el7_3.ppc64le.rpm

freeradius-ldap-3.0.4-8.el7_3.ppc64le.rpm

freeradius-mysql-3.0.4-8.el7_3.ppc64le.rpm

freeradius-perl-3.0.4-8.el7_3.ppc64le.rpm

freeradius-postgresql-3.0.4-8.el7_3.ppc64le.rpm

freeradius-python-3.0.4-8.el7_3.ppc64le.rpm

freeradius-sqlite-3.0.4-8.el7_3.ppc64le.rpm

freeradius-unixODBC-3.0.4-8.el7_3.ppc64le.rpm

freeradius-utils-3.0.4-8.el7_3.ppc64le.rpm

s390x:

freeradius-debuginfo-3.0.4-8.el7_3.s390.rpm

freeradius-debuginfo-3.0.4-8.el7_3.s390x.rpm

freeradius-devel-3.0.4-8.el7_3.s390.rpm

freeradius-devel-3.0.4-8.el7_3.s390x.rpm

freeradius-doc-3.0.4-8.el7_3.s390x.rpm

freeradius-krb5-3.0.4-8.el7_3.s390x.rpm

freeradius-ldap-3.0.4-8.el7_3.s390x.rpm

freeradius-mysql-3.0.4-8.el7_3.s390x.rpm

freeradius-perl-3.0.4-8.el7_3.s390x.rpm

freeradius-postgresql-3.0.4-8.el7_3.s390x.rpm

freeradius-python-3.0.4-8.el7_3.s390x.rpm

freeradius-sqlite-3.0.4-8.el7_3.s390x.rpm

freeradius-unixODBC-3.0.4-8.el7_3.s390x.rpm

freeradius-utils-3.0.4-8.el7_3.s390x.rpm

x86_64:

freeradius-debuginfo-3.0.4-8.el7_3.i686.rpm

freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm

freeradius-devel-3.0.4-8.el7_3.i686.rpm

freeradius-devel-3.0.4-8.el7_3.x86_64.rpm

freeradius-doc-3.0.4-8.el7_3.x86_64.rpm

freeradius-krb5-3.0.4-8.el7_3.x86_64.rpm

freeradius-ldap-3.0.4-8.el7_3.x86_64.rpm

freeradius-mysql-3.0.4-8.el7_3.x86_64.rpm

freeradius-perl-3.0.4-8.el7_3.x86_64.rpm

freeradius-postgresql-3.0.4-8.el7_3.x86_64.rpm

freeradius-python-3.0.4-8.el7_3.x86_64.rpm

freeradius-sqlite-3.0.4-8.el7_3.x86_64.rpm

freeradius-unixODBC-3.0.4-8.el7_3.x86_64.rpm

freeradius-utils-3.0.4-8.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:

freeradius-3.0.4-8.el7_3.src.rpm

x86_64:

freeradius-3.0.4-8.el7_3.x86_64.rpm

freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:

freeradius-debuginfo-3.0.4-8.el7_3.i686.rpm

freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm

freeradius-devel-3.0.4-8.el7_3.i686.rpm

freeradius-devel-3.0.4-8.el7_3.x86_64.rpm

freeradius-doc-3.0.4-8.el7_3.x86_64.rpm

freeradius-krb5-3.0.4-8.el7_3.x86_64.rpm

freeradius-ldap-3.0.4-8.el7_3.x86_64.rpm

freeradius-mysql-3.0.4-8.el7_3.x86_64.rpm

freeradius-perl-3.0.4-8.el7_3.x86_64.rpm

freeradius-postgresql-3.0.4-8.el7_3.x86_64.rpm

freeradius-python-3.0.4-8.el7_3.x86_64.rpm

freeradius-sqlite-3.0.4-8.el7_3.x86_64.rpm

freeradius-unixODBC-3.0.4-8.el7_3.x86_64.rpm

freeradius-utils-3.0.4-8.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and

details on how to verify the signature are available from

https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-9148

https://access.redhat.com/security/updates/classification/#important