CVE-2022-41860
Description
RHSA-2023:2870: freeradius:3.0 security update (Moderate)
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description freeradius: Crash on unknown option in EAP-SIM CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8freeradius:3.0-8080020221214103624.89170a74RHSA-2023:28702023-05-16T00:00:00Z Red Hat Enterprise Linux 9freeradius-0:3.0.21-37.el9RHSA-2023:21662023-05-09T00:00:00Z Package state ProductPackageState…
Description
freeradius: Crash on unknown option in EAP-SIM
CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | freeradius:3.0-8080020221214103624.89170a74 | RHSA-2023:2870 | 2023-05-16T00:00:00Z |
| Red Hat Enterprise Linux 9 | freeradius-0:3.0.21-37.el9 | RHSA-2023:2166 | 2023-05-09T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | freeradius | Out of support scope |
| Red Hat Enterprise Linux 7 | freeradius | Out of support scope |
Apply commands
yum update -y freeradius:3
# or:
dnf upgrade -y freeradius:3OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| — | Affected | — |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | freeradius-doc-3.0.20-14.module_el8.8.0+3469+c05aea40.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 3.2.0+dfsg-1 |
| sid | Fixed | 3.2.0+dfsg-1 |
| forky | Fixed | 3.2.0+dfsg-1 |
| bullseye | Fixed | 3.0.21+dfsg-2.2+deb11u2 |
| bookworm | Fixed | 3.2.0+dfsg-1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | — |
| 8 | Fixed | — |
References
- https://access.redhat.com/errata/RHSA-2023:2166
- https://www.suse.com/security/cve/CVE-2022-41860.html
- https://security-tracker.debian.org/tracker/CVE-2022-41860
- https://access.redhat.com/errata/RHSA-2023:2870
- https://bugzilla.redhat.com/2078483
- https://bugzilla.redhat.com/2078485
- https://bugzilla.redhat.com/2078487
- https://errata.almalinux.org/8/ALSA-2023-2870.html
- https://errata.almalinux.org/9/ALSA-2023-2166.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.