Red Hat Product Errata RHSA-2013:0134 - Security Advisory

Issued:: 2013-01-08
Updated:: 2013-01-08

RHSA-2013:0134 - Security Advisory

Overview
Updated Packages

Synopsis

Low: freeradius2 security and bug fix update

Type/Severity

Security Advisory: Low

Topic

Updated freeradius2 packages that fix one security issue and multiple bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

FreeRADIUS is an open-source Remote Authentication Dial-In User Service
(RADIUS) server which allows RADIUS clients to perform authentication
against the RADIUS server. The RADIUS server may optionally perform
accounting of its operations using the RADIUS protocol.

It was found that the "unix" module ignored the password expiration
setting in "/etc/shadow". If FreeRADIUS was configured to use this module
for user authentication, this flaw could allow users with an expired
password to successfully authenticate, even though their access should have
been denied. (CVE-2011-4966)

This update also fixes the following bugs:

After log rotation, the freeradius logrotate script failed to reload the
radiusd daemon and log messages were lost. This update has added a command
to the freeradius logrotate script to reload the radiusd daemon and the
radiusd daemon re-initializes and reopens its log files after log rotation
as expected. (BZ#787111)
The radtest script with the "eap-md5" option failed because it passed the
IP family argument when invoking the radeapclient utility and the
radeapclient utility did not recognize the IP family. The radeapclient
utility now recognizes the IP family argument and radtest now works with
eap-md5 as expected. (BZ#846476)
Previously, freeradius was compiled without the "--with-udpfromto"
option. Consequently, with a multihomed server and explicitly specifying
the IP address, freeradius sent the reply with the wrong IP source address.
With this update, freeradius has been built with the "--with-udpfromto"
configuration option and the RADIUS reply is always sourced from the IP
address the request was sent to. (BZ#846471)
Due to invalid syntax in the PostgreSQL admin schema file, the FreeRADIUS
PostgreSQL tables failed to be created. With this update, the syntax has
been adjusted and the tables are created as expected. (BZ#818885)
FreeRADIUS has a thread pool that dynamically grows based on load. If
multiple threads using the "rlm_perl()" function are spawned in quick
succession, the FreeRADIUS server sometimes terminated unexpectedly with a
segmentation fault due to parallel calls to the "rlm_perl_clone()"
function. With this update, a mutex for the threads has been added and the
problem no longer occurs. (BZ#846475)
The man page for "rlm_dbm_parser" was incorrectly installed as
"rlm_dbm_parse", omitting the trailing "r". The man page now correctly
appears as rlm_dbm_parser. (BZ#781877)

All users of freeradius2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. They are also
advised to check for RPM backup files ending in ".rpmnew" or ".rpmsave"
under the /etc/raddb/ directory after the update because the FreeRADIUS
server will attempt to load every file it finds in its configuration
directory. The extra files will often cause the wrong configuration values
to be applied resulting in either unpredictable behavior or the failure of
the server to initialize and run.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Users are also advised to check for RPM backup files ending in ".rpmnew" or
".rpmsave" under the /etc/raddb/ directory after the update because the
FreeRADIUS server will attempt to load every file it finds in its
configuration directory. The extra files will often cause the wrong
configuration values to be applied resulting in either unpredictable
behavior or the failure of the server to initialize and run.

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 781877 - rlm_dbm_parser has man pages in rlm_dbm_parse.8.gz
BZ - 787111 - freeradius logrotate script does not reload running daemon, causing log files not written after logrotate
BZ - 818885 - possible errors in /etc/raddb/sql/postgresql/admin.sql template
BZ - 846471 - freeradius not compiled with --with-udpfromto
BZ - 846474 - shadow password expiration does not work in freeradius 2.1.10
BZ - 846475 - Segfault with freeradius-perl threading
BZ - 846476 - radtest script is not working with eap-md5 option
BZ - 879045 - CVE-2011-4966 freeradius: does not respect expired passwords when using the unix module

CVEs

CVE-2011-4966

References

https://access.redhat.com/security/updates/classification/#low

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
freeradius2-2.1.12-5.el5.src.rpm	SHA-256: 950e9771f51261258d08d5600519eff7d6ebbd84f887dadeb390ea83b6122255
x86_64
freeradius2-2.1.12-5.el5.x86_64.rpm	SHA-256: 1939d892480a31972accedeed4602e557164a1c21009ae7c6e1e4390ccde3be1
freeradius2-debuginfo-2.1.12-5.el5.x86_64.rpm	SHA-256: 0833fa8c2bddcbee37b0c5f60558829c8af3653862a1d7ed81069784f9b937ad
freeradius2-krb5-2.1.12-5.el5.x86_64.rpm	SHA-256: e2fe71813d1049e1d7f21026e66e76d8b3f0c78d7afe7d3cd87cfac3d830506a
freeradius2-ldap-2.1.12-5.el5.x86_64.rpm	SHA-256: b69c318480b0db7b3771d1c41f09ef7a2aebe0c1da115733484ca9a4bbf11c5a
freeradius2-mysql-2.1.12-5.el5.x86_64.rpm	SHA-256: 2e5156e403372b435fc4c0f548bcbfe272181e64ab71bc5d91c7e40438914f4a
freeradius2-perl-2.1.12-5.el5.x86_64.rpm	SHA-256: 01eab34c5cd2acf65bbc1a8492399a7937089d3f39ad7204e520d7620345cd44
freeradius2-postgresql-2.1.12-5.el5.x86_64.rpm	SHA-256: 37e2eeb31b2b4c92b17c666ec12610a52fe655941d140acf4e6eac60c79b1219
freeradius2-python-2.1.12-5.el5.x86_64.rpm	SHA-256: c28059dee9fbdf0613d0907afab3b7357cef32f3bbd59fa25bf59332fed9aebb
freeradius2-unixODBC-2.1.12-5.el5.x86_64.rpm	SHA-256: 87ec09db99f58ee4e191479c979224310fe3c830076f5a6d9b6802fb37ee8119
freeradius2-utils-2.1.12-5.el5.x86_64.rpm	SHA-256: c99b354c49e41c47fed42938e1365bb4e87a46cc53cc91c6b94133ad15b49c76
ia64
freeradius2-2.1.12-5.el5.ia64.rpm	SHA-256: 5c8745f56084fa964fc42acc78dbd2bf6730b53e434de60281d55485d962bcb3
freeradius2-debuginfo-2.1.12-5.el5.ia64.rpm	SHA-256: c21b42b78f0c065e7a116158d8a3263abff4159771f12c34146e6ae029ca1861
freeradius2-krb5-2.1.12-5.el5.ia64.rpm	SHA-256: 9ddeef080a6497a34c1afa2153771fa8374758c9deabb6d3562b2f3f0bdffbfe
freeradius2-ldap-2.1.12-5.el5.ia64.rpm	SHA-256: 691d27f6c30e6e9c244f00363b615ff7b698f8e3038727767898a531ef49002a
freeradius2-mysql-2.1.12-5.el5.ia64.rpm	SHA-256: a3e4958d5b96662a783b6c2a6741eb086cbc4f34b202a0ec29d00d9dc0edff10
freeradius2-perl-2.1.12-5.el5.ia64.rpm	SHA-256: f2ae7bf343e9964c61ba3b14201eb44e6ecc10442a2eb085a10be721bb2525db
freeradius2-postgresql-2.1.12-5.el5.ia64.rpm	SHA-256: 8b07a07bfab0eeb8af2d291e71f2e2c039a365b60a414d123347ce0c4f89ad03
freeradius2-python-2.1.12-5.el5.ia64.rpm	SHA-256: d3e18d0feaeccbd1b16289d0723e810b5f5d26aacc94c95b157d2ec402c909e2
freeradius2-unixODBC-2.1.12-5.el5.ia64.rpm	SHA-256: 9df601d751c9a22b4081162aa5aabaa94a7bf6ec9b6e92b1cbc37a17514ed33c
freeradius2-utils-2.1.12-5.el5.ia64.rpm	SHA-256: ce7df1f48b407930e90b0384a4efecb724b9b51c7547f008a1f894e6c8283e2f
i386
freeradius2-2.1.12-5.el5.i386.rpm	SHA-256: 4214d9744506066559e9a797c1f4c227a96e7526fc4d7bb583fda28820021ccf
freeradius2-debuginfo-2.1.12-5.el5.i386.rpm	SHA-256: 501848e75dbc90ff559b5d364586666b98a43fa7eda70e1fda9575ca3dcd8c0f
freeradius2-krb5-2.1.12-5.el5.i386.rpm	SHA-256: e8cc4c1db42d4c03840b353b84a9456912572981d1acdaf970c24b03f1f9e8dc
freeradius2-ldap-2.1.12-5.el5.i386.rpm	SHA-256: 72e67028596c753d7b23040e2ba7c182f7c94605b531f857fedd25d6293c0747
freeradius2-mysql-2.1.12-5.el5.i386.rpm	SHA-256: c0548a21a1ddfde3e2dd7d6bf8a32e06e77aac5b2e2dd9570271a435944b372f
freeradius2-perl-2.1.12-5.el5.i386.rpm	SHA-256: b8214526ffdcff9ffb300192a1e950a5559a5131a5cc54a03d8d491a250c39a4
freeradius2-postgresql-2.1.12-5.el5.i386.rpm	SHA-256: 3e596389736ea024431955e6829a56e6f0f9cde8751d9b7aa9346831a0cdbe87
freeradius2-python-2.1.12-5.el5.i386.rpm	SHA-256: b2069685d114e42cb752975c23c154a9f1646cdf08093bec2f30f360ba8551a5
freeradius2-unixODBC-2.1.12-5.el5.i386.rpm	SHA-256: e0ef94b8d483bd63784b609abb2822fe44c916ccf0e29cd4b8b4d1133ba52b1b
freeradius2-utils-2.1.12-5.el5.i386.rpm	SHA-256: d2e5211a2d7cd2f26d4814dc21330be16173db6d2ed871a3e174baa6c7219c63

Red Hat Enterprise Linux Workstation 5

SRPM
freeradius2-2.1.12-5.el5.src.rpm	SHA-256: 950e9771f51261258d08d5600519eff7d6ebbd84f887dadeb390ea83b6122255
x86_64
freeradius2-2.1.12-5.el5.x86_64.rpm	SHA-256: 1939d892480a31972accedeed4602e557164a1c21009ae7c6e1e4390ccde3be1
freeradius2-debuginfo-2.1.12-5.el5.x86_64.rpm	SHA-256: 0833fa8c2bddcbee37b0c5f60558829c8af3653862a1d7ed81069784f9b937ad
freeradius2-krb5-2.1.12-5.el5.x86_64.rpm	SHA-256: e2fe71813d1049e1d7f21026e66e76d8b3f0c78d7afe7d3cd87cfac3d830506a
freeradius2-ldap-2.1.12-5.el5.x86_64.rpm	SHA-256: b69c318480b0db7b3771d1c41f09ef7a2aebe0c1da115733484ca9a4bbf11c5a
freeradius2-mysql-2.1.12-5.el5.x86_64.rpm	SHA-256: 2e5156e403372b435fc4c0f548bcbfe272181e64ab71bc5d91c7e40438914f4a
freeradius2-perl-2.1.12-5.el5.x86_64.rpm	SHA-256: 01eab34c5cd2acf65bbc1a8492399a7937089d3f39ad7204e520d7620345cd44
freeradius2-postgresql-2.1.12-5.el5.x86_64.rpm	SHA-256: 37e2eeb31b2b4c92b17c666ec12610a52fe655941d140acf4e6eac60c79b1219
freeradius2-python-2.1.12-5.el5.x86_64.rpm	SHA-256: c28059dee9fbdf0613d0907afab3b7357cef32f3bbd59fa25bf59332fed9aebb
freeradius2-unixODBC-2.1.12-5.el5.x86_64.rpm	SHA-256: 87ec09db99f58ee4e191479c979224310fe3c830076f5a6d9b6802fb37ee8119
freeradius2-utils-2.1.12-5.el5.x86_64.rpm	SHA-256: c99b354c49e41c47fed42938e1365bb4e87a46cc53cc91c6b94133ad15b49c76
i386
freeradius2-2.1.12-5.el5.i386.rpm	SHA-256: 4214d9744506066559e9a797c1f4c227a96e7526fc4d7bb583fda28820021ccf
freeradius2-debuginfo-2.1.12-5.el5.i386.rpm	SHA-256: 501848e75dbc90ff559b5d364586666b98a43fa7eda70e1fda9575ca3dcd8c0f
freeradius2-krb5-2.1.12-5.el5.i386.rpm	SHA-256: e8cc4c1db42d4c03840b353b84a9456912572981d1acdaf970c24b03f1f9e8dc
freeradius2-ldap-2.1.12-5.el5.i386.rpm	SHA-256: 72e67028596c753d7b23040e2ba7c182f7c94605b531f857fedd25d6293c0747
freeradius2-mysql-2.1.12-5.el5.i386.rpm	SHA-256: c0548a21a1ddfde3e2dd7d6bf8a32e06e77aac5b2e2dd9570271a435944b372f
freeradius2-perl-2.1.12-5.el5.i386.rpm	SHA-256: b8214526ffdcff9ffb300192a1e950a5559a5131a5cc54a03d8d491a250c39a4
freeradius2-postgresql-2.1.12-5.el5.i386.rpm	SHA-256: 3e596389736ea024431955e6829a56e6f0f9cde8751d9b7aa9346831a0cdbe87
freeradius2-python-2.1.12-5.el5.i386.rpm	SHA-256: b2069685d114e42cb752975c23c154a9f1646cdf08093bec2f30f360ba8551a5
freeradius2-unixODBC-2.1.12-5.el5.i386.rpm	SHA-256: e0ef94b8d483bd63784b609abb2822fe44c916ccf0e29cd4b8b4d1133ba52b1b
freeradius2-utils-2.1.12-5.el5.i386.rpm	SHA-256: d2e5211a2d7cd2f26d4814dc21330be16173db6d2ed871a3e174baa6c7219c63

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
freeradius2-2.1.12-5.el5.src.rpm	SHA-256: 950e9771f51261258d08d5600519eff7d6ebbd84f887dadeb390ea83b6122255
s390x
freeradius2-2.1.12-5.el5.s390x.rpm	SHA-256: 10b340eac58f1a90d019ed567cdc9900f4ef71e1ef2e5b53183591daf67b3cef
freeradius2-debuginfo-2.1.12-5.el5.s390x.rpm	SHA-256: 0d4c5245f7acd8c8768638c526febf2a92f630eabb71db70c1d91c02c030b004
freeradius2-krb5-2.1.12-5.el5.s390x.rpm	SHA-256: 6249db95c466740fc1ee61c968404e17573a110f54fa581521be79739f672132
freeradius2-ldap-2.1.12-5.el5.s390x.rpm	SHA-256: 910e51a97f1fbab811e509238f7d2fda21265f3fb69b0d5c364f1ac52d2b24b8
freeradius2-mysql-2.1.12-5.el5.s390x.rpm	SHA-256: 29ebc46cf8938b2bf85f6ecd8f96029924e59518785e6d9801adcddf6cd1f079
freeradius2-perl-2.1.12-5.el5.s390x.rpm	SHA-256: 46dcde070ba7a57db651470bcd35d64569be0be25c243efe93857b51d7cb6273
freeradius2-postgresql-2.1.12-5.el5.s390x.rpm	SHA-256: ddf9ca99b970938dd30f1637f079adb03dda6f0d15c6da1583445af12b7d0c42
freeradius2-python-2.1.12-5.el5.s390x.rpm	SHA-256: c1d17081bb277649a4e34cf3d254d2b4172a198deffb785e7e121d2dcafdc011
freeradius2-unixODBC-2.1.12-5.el5.s390x.rpm	SHA-256: 2b5911520a71105db3abc09e686214ca6d836c64d22f8a28c06993e6c75ee4f6
freeradius2-utils-2.1.12-5.el5.s390x.rpm	SHA-256: a5b1672321904a2cd38cfa745b44d478a484b094488dfcd5f816532e876bb67d

Red Hat Enterprise Linux for Power, big endian 5

SRPM
freeradius2-2.1.12-5.el5.src.rpm	SHA-256: 950e9771f51261258d08d5600519eff7d6ebbd84f887dadeb390ea83b6122255
ppc
freeradius2-2.1.12-5.el5.ppc.rpm	SHA-256: 26b0415a4d621581a69d18a5d03b41254c8554dede182b773e777d36eafc890d
freeradius2-debuginfo-2.1.12-5.el5.ppc.rpm	SHA-256: a0c4d976cbd8d3cf9aa33fce889bce54ded01adc03dab188fe55353a796fbf92
freeradius2-krb5-2.1.12-5.el5.ppc.rpm	SHA-256: d6951f6ac7b342039745a199e9882fd515c646c821c71d3756c1869b75b0b1aa
freeradius2-ldap-2.1.12-5.el5.ppc.rpm	SHA-256: 92995716fc15069177c79fe7f884915f88c7c4b742d878ff3c1e12785eeefc4f
freeradius2-mysql-2.1.12-5.el5.ppc.rpm	SHA-256: 7f80352830c92c2cd99fd7babe62187a47e74bf2b8ca093c5af05ac99cc233d5
freeradius2-perl-2.1.12-5.el5.ppc.rpm	SHA-256: 30e1421e990af501bbefa9b540832e10c1ae1033f03afec69ebdd96aad7d9f63
freeradius2-postgresql-2.1.12-5.el5.ppc.rpm	SHA-256: 5cbfb0b0068d49116e8dd7fef63960def9a00604498caa4d823a8af3039fbdc9
freeradius2-python-2.1.12-5.el5.ppc.rpm	SHA-256: 9f5a0f9310df5a0d302456044eca46242dd02ec0595e3317ef023d8bc7c0f4f8
freeradius2-unixODBC-2.1.12-5.el5.ppc.rpm	SHA-256: fa0d150fc390b30af873a09017cd937ce2566649aad1a7cff71744ec547920c2
freeradius2-utils-2.1.12-5.el5.ppc.rpm	SHA-256: 708160ad7a9ba5a33d43365fd8648fd534a3d3988da0bbf4027b5bddb832b7bf

Red Hat Enterprise Linux Server from RHUI 5

SRPM
freeradius2-2.1.12-5.el5.src.rpm	SHA-256: 950e9771f51261258d08d5600519eff7d6ebbd84f887dadeb390ea83b6122255
x86_64
freeradius2-2.1.12-5.el5.x86_64.rpm	SHA-256: 1939d892480a31972accedeed4602e557164a1c21009ae7c6e1e4390ccde3be1
freeradius2-debuginfo-2.1.12-5.el5.x86_64.rpm	SHA-256: 0833fa8c2bddcbee37b0c5f60558829c8af3653862a1d7ed81069784f9b937ad
freeradius2-krb5-2.1.12-5.el5.x86_64.rpm	SHA-256: e2fe71813d1049e1d7f21026e66e76d8b3f0c78d7afe7d3cd87cfac3d830506a
freeradius2-ldap-2.1.12-5.el5.x86_64.rpm	SHA-256: b69c318480b0db7b3771d1c41f09ef7a2aebe0c1da115733484ca9a4bbf11c5a
freeradius2-mysql-2.1.12-5.el5.x86_64.rpm	SHA-256: 2e5156e403372b435fc4c0f548bcbfe272181e64ab71bc5d91c7e40438914f4a
freeradius2-perl-2.1.12-5.el5.x86_64.rpm	SHA-256: 01eab34c5cd2acf65bbc1a8492399a7937089d3f39ad7204e520d7620345cd44
freeradius2-postgresql-2.1.12-5.el5.x86_64.rpm	SHA-256: 37e2eeb31b2b4c92b17c666ec12610a52fe655941d140acf4e6eac60c79b1219
freeradius2-python-2.1.12-5.el5.x86_64.rpm	SHA-256: c28059dee9fbdf0613d0907afab3b7357cef32f3bbd59fa25bf59332fed9aebb
freeradius2-unixODBC-2.1.12-5.el5.x86_64.rpm	SHA-256: 87ec09db99f58ee4e191479c979224310fe3c830076f5a6d9b6802fb37ee8119
freeradius2-utils-2.1.12-5.el5.x86_64.rpm	SHA-256: c99b354c49e41c47fed42938e1365bb4e87a46cc53cc91c6b94133ad15b49c76
i386
freeradius2-2.1.12-5.el5.i386.rpm	SHA-256: 4214d9744506066559e9a797c1f4c227a96e7526fc4d7bb583fda28820021ccf
freeradius2-debuginfo-2.1.12-5.el5.i386.rpm	SHA-256: 501848e75dbc90ff559b5d364586666b98a43fa7eda70e1fda9575ca3dcd8c0f
freeradius2-krb5-2.1.12-5.el5.i386.rpm	SHA-256: e8cc4c1db42d4c03840b353b84a9456912572981d1acdaf970c24b03f1f9e8dc
freeradius2-ldap-2.1.12-5.el5.i386.rpm	SHA-256: 72e67028596c753d7b23040e2ba7c182f7c94605b531f857fedd25d6293c0747
freeradius2-mysql-2.1.12-5.el5.i386.rpm	SHA-256: c0548a21a1ddfde3e2dd7d6bf8a32e06e77aac5b2e2dd9570271a435944b372f
freeradius2-perl-2.1.12-5.el5.i386.rpm	SHA-256: b8214526ffdcff9ffb300192a1e950a5559a5131a5cc54a03d8d491a250c39a4
freeradius2-postgresql-2.1.12-5.el5.i386.rpm	SHA-256: 3e596389736ea024431955e6829a56e6f0f9cde8751d9b7aa9346831a0cdbe87
freeradius2-python-2.1.12-5.el5.i386.rpm	SHA-256: b2069685d114e42cb752975c23c154a9f1646cdf08093bec2f30f360ba8551a5
freeradius2-unixODBC-2.1.12-5.el5.i386.rpm	SHA-256: e0ef94b8d483bd63784b609abb2822fe44c916ccf0e29cd4b8b4d1133ba52b1b
freeradius2-utils-2.1.12-5.el5.i386.rpm	SHA-256: d2e5211a2d7cd2f26d4814dc21330be16173db6d2ed871a3e174baa6c7219c63

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories