Patch  oval:com.redhat.rhba:def:20120881
RHBA-2012:0881: freeradius bug fix and enhancement update (Low)  

FreeRADIUS is an open-source Remote Authentication Dial In User Service (RADIUS) server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol.
The freeradius packages have been upgraded to upstream version 2.1.12, which provides a number of bug fixes and enhancements over the previous version. (BZ#736878)
This update fixes the following bugs:
* The radtest command-line argument to request the PPP hint option was not parsed correctly. Consequently, radclient did not add the PPP hint to the request packet and the test failed. This update corrects the problem and radtest now functions as expected. (BZ#787116)
* The freeradius logrotate script failed to reload the radiusd daemon after a log rotation, and log messages were lost. This update adds a command to the freeradius logrotate script to reload the radiusd daemon, so the daemon reinitializes and reopens its log files after log rotation as expected. (BZ#705723)
* The radtest argument with the eap-md5 option failed because it passed the IP family argument when invoking the radeapclient utility and the radeapclient utility did not recognize the IP family. The radeapclient now recognizes the IP family argument and radtest now works with eap-md5 as expected. (BZ#712803)
* Previously, freeradius was compiled without the "--with-udpfromto" option. Consequently, on a multihomed server with an explicitly specified IP address, freeradius sent the reply from the wrong IP address. With this update, freeradius has been built with the --with-udpfromto configuration option and the RADIUS reply is always sourced from the IP the request was sent to. (BZ#700870)
* The password expiration field for local passwords was not checked by the unix module and the debug information was erroneous. Consequently, a user with an expired password in the local password file was still authenticated. With this update, the check of the password expiration has been modified. A user with an expired local password is denied access and correct debugging information is written to the log file. (BZ#753764)
* Due to invalid syntax in the PostgreSQL admin schema file, the FreeRADIUS PostgreSQL tables failed to be created. With this update, the syntax has been adjusted and the tables are created as expected. (BZ#690756)
* When FreeRADIUS received a request, it sometimes failed with the following message:
WARNING: Internal sanity check failed in event handler for request 6
This bug was fixed by upgrading to upstream version 2.1.12. (BZ#782905)
* FreeRADIUS has a thread pool that grows dynamically based on load. If multiple threads using the rlm_perl() function were spawned in quick succession, freeradius sometimes terminated unexpectedly with a segmentation fault due to parallel calls to the rlm_perl_clone() function. With this update, a mutex for the threads has been added and the problem no longer occurs. (BZ#810605)
All users of freeradius are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Create Date: 2012-06-20 Last Update Date: 2012-06-20

Affected Platforms/Products

Affected Products (CPE + CVE references)
Platforms: unix (from OVAL definitions)
  • Red Hat Enterprise Linux 6

Criteria

The patch should be installed
IF : Any one of the following are true
  IF : Red Hat Enterprise Linux must be installed (test oval:com.redhat.rhba:tst:20070304026)
  IF : All of the following are true
    IF : Red Hat Enterprise Linux 6 is installed (test oval:com.redhat.rhba:tst:20111656003)
    IF : Any one of the following are true
      IF : All of the following are true
        IF : freeradius-utils is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881018)
        IF : freeradius-utils is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881017)
      IF : All of the following are true
        IF : freeradius-unixODBC is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881016)
        IF : freeradius-unixODBC is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881015)
      IF : All of the following are true
        IF : freeradius-python is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881014)
        IF : freeradius-python is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881013)
      IF : All of the following are true
        IF : freeradius-postgresql is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881011)
        IF : freeradius-postgresql is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881012)
      IF : All of the following are true
        IF : freeradius-perl is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881009)
        IF : freeradius-perl is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881010)
      IF : All of the following are true
        IF : freeradius-mysql is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881007)
        IF : freeradius-mysql is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881008)
      IF : All of the following are true
        IF : freeradius-ldap is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881005)
        IF : freeradius-ldap is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881006)
      IF : All of the following are true
        IF : freeradius-krb5 is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881004)
        IF : freeradius-krb5 is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881003)
      IF : All of the following are true
        IF : freeradius is signed with Red Hat redhatrelease2 key (test oval:com.redhat.rhba:tst:20120881002)
        IF : freeradius is earlier than 0:2.1.12-3.el6 (test oval:com.redhat.rhba:tst:20120881001)
