[El-errata] ELSA-2017-2389 Important: Oracle Linux 7 freeradius security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Aug 9 14:19:42 PDT 2017


Oracle Linux Security Advisory ELSA-2017-2389

http://linux.oracle.com/errata/ELSA-2017-2389.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
freeradius-3.0.13-8.el7_4.x86_64.rpm
freeradius-devel-3.0.13-8.el7_4.i686.rpm
freeradius-devel-3.0.13-8.el7_4.x86_64.rpm
freeradius-doc-3.0.13-8.el7_4.x86_64.rpm
freeradius-krb5-3.0.13-8.el7_4.x86_64.rpm
freeradius-ldap-3.0.13-8.el7_4.x86_64.rpm
freeradius-mysql-3.0.13-8.el7_4.x86_64.rpm
freeradius-perl-3.0.13-8.el7_4.x86_64.rpm
freeradius-postgresql-3.0.13-8.el7_4.x86_64.rpm
freeradius-python-3.0.13-8.el7_4.x86_64.rpm
freeradius-sqlite-3.0.13-8.el7_4.x86_64.rpm
freeradius-unixODBC-3.0.13-8.el7_4.x86_64.rpm
freeradius-utils-3.0.13-8.el7_4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/freeradius-3.0.13-8.el7_4.src.rpm



Description of changes:

[3.0.13-8]
- Avoid misinterpreting zero-size malloc in data2vp_extended() fix.
- Related: Bug#1469414 CVE-2017-10984 freeradius: Out-of-bounds write in
                        data2vp_wimax()

[3.0.13-7]
- Resolves: Bug#1469409 CVE-2017-10978 freeradius: Out-of-bounds read/write due
                         to improper output buffer size check in make_secret()
- Resolves: Bug#1469413 CVE-2017-10983 freeradius: Out-of-bounds read in
                         fr_dhcp_decode() when decoding option 63
- Resolves: Bug#1469414 CVE-2017-10984 freeradius: Out-of-bounds write in
                         data2vp_wimax()
- Resolves: Bug#1469417 CVE-2017-10985 freeradius: Infinite loop and memory
                         exhaustion with 'concat' attributes
- Resolves: Bug#1469418 CVE-2017-10986 freeradius: Infinite read in
                         dhcp_attr2vp()
- Resolves: Bug#1469421 CVE-2017-10987 freeradius: Buffer over-read in
                         fr_dhcp_decode_suboptions()




