freeradius: upgrade 3.2.3 -> 3.2.5

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00

ChangeLog:
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_4
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_5

Security fixes:
CVE-2024-3596:
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a
local attacker who can modify any valid Response (Access-Accept,
Access-Reject, or Access-Challenge) to any other response using a
chosen-prefix collision attack against MD5 Response Authenticator
signature.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3596
https://www.freeradius.org/security/
https://www.blastradius.fail/
https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95

(master rev: 28d82d17c8)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

This commit is contained in:

Yi Zhao

2024-11-21 19:03:28 +08:00

committed by

Armin Kuster

parent 83d23d2b24

commit b8d1a14f7f

1 changed files with 1 additions and 1 deletions

									
										meta-networking/recipes-connectivity/freeradius/freeradius_3.2.3.bb → meta-networking/recipes-connectivity/freeradius/freeradius_3.2.5.bb
									
		+1
		-1
	
												View File
												
				@@ -39,7 +39,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0

				raddbdir = "${sysconfdir}/${MLPREFIX}raddb"

				SRCREV = "db3d1924d9a2e8d37c43872932621f69cfdbb099"

				SRCREV = "a7acce80f5ba2271d9aeb737a4a91a5bf8317f31"

				UPSTREAM_CHECK_GITTAGREGEX = "release_(?P<pver>\d+(\_\d+)+)"