diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-08-20 14:00:23 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-08-20 14:13:32 +0000 |
| commit | 9efccd10b731a53429a96bea0144057e3753ddef (patch) | |
| tree | 6938428587c71bfe4efafed9a330b7411dd50ce8 /main | |
| parent | 720693cedfbcd03efff48adf05e47e4f4d1528f0 (diff) | |
| download | aports-9efccd10b731a53429a96bea0144057e3753ddef.tar.bz2 aports-9efccd10b731a53429a96bea0144057e3753ddef.tar.xz | |
main/freeradius: security fix (CVE-2019-10143)
Fixes #10744
Diffstat (limited to 'main')
| -rw-r--r-- | main/freeradius/APKBUILD | 8 | ||||
| -rw-r--r-- | main/freeradius/CVE-2019-10143.patch | 94 |
2 files changed, 100 insertions, 2 deletions
diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD index b0fc3b4494..50456704b0 100644 --- a/main/freeradius/APKBUILD +++ b/main/freeradius/APKBUILD @@ -5,7 +5,7 @@ pkgname=freeradius _realname=freeradius pkgver=3.0.15 -pkgrel=4 +pkgrel=5 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server" url="http://freeradius.org/" arch="all" @@ -32,10 +32,13 @@ source="ftp://ftp.freeradius.org/pub/freeradius/old/$_realname-server-$pkgver.ta fix-scopeid.patch freeradius-313-default-config.patch CVE-2019-11234-5.patch + CVE-2019-10143.patch " builddir="$srcdir"/$_realname-server-$pkgver # secfixes: +# 3.0.17-r5: +# - CVE-2019-10143 # 3.0.15-r4: # - CVE-2019-11234 # - CVE-2019-11235 @@ -289,4 +292,5 @@ ba3c424d4eabb147c7aa3e31575a87ddb26b6a792d2a8714e73d8763e07854326a03a83991a74202 c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch 41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch 666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e freeradius-313-default-config.patch -05b19e1b4d43eac3ddb2f1d62a31bedb2e3386bdafc0253506304d46e6ea41f1bf798c28d3b1207341c4c9d17de0775a9ca8aa2b9c27a90c92d21c0a73ee6477 CVE-2019-11234-5.patch" +05b19e1b4d43eac3ddb2f1d62a31bedb2e3386bdafc0253506304d46e6ea41f1bf798c28d3b1207341c4c9d17de0775a9ca8aa2b9c27a90c92d21c0a73ee6477 CVE-2019-11234-5.patch +5506cc095553c2024319f0818fd317c02c0aa52f306b506e44f661f2f600874426118decdc2313a2da8313bff3578d364262f947faa9198595a830764a336b57 CVE-2019-10143.patch" diff --git a/main/freeradius/CVE-2019-10143.patch b/main/freeradius/CVE-2019-10143.patch new file mode 100644 index 0000000000..528550aa82 --- /dev/null +++ b/main/freeradius/CVE-2019-10143.patch @@ -0,0 +1,94 @@ +From 1f233773962bf1a9c2d228a180eacddb9db2d574 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel <ascheel@redhat.com> +Date: Tue, 7 May 2019 16:04:29 -0400 +Subject: [PATCH] su to radiusd user/group when rotating logs + +The su directive to logrotate ensures that log rotation happens under the +owner of the logs. Otherwise, logrotate runs as root:root, potentially +enabling privilege escalation if a RCE is discovered against the +FreeRADIUS daemon. + +Signed-off-by: Alexander Scheel <ascheel@redhat.com> +--- + debian/freeradius.logrotate | 3 +++ + redhat/freeradius-logrotate | 1 + + scripts/logrotate/freeradius | 3 +++ + suse/radiusd-logrotate | 1 + + 4 files changed, 8 insertions(+) + +diff --git a/debian/freeradius.logrotate b/debian/freeradius.logrotate +index 7d837d53bd..a8d29b7adf 100644 +--- a/debian/freeradius.logrotate ++++ b/debian/freeradius.logrotate +@@ -9,6 +9,7 @@ + notifempty + + copytruncate ++ su freerad freerad + } + + # (in order) +@@ -26,6 +27,7 @@ + notifempty + + nocreate ++ su freerad freerad + } + + # There are different detail-rotating strategies you can use. One is +@@ -45,4 +47,5 @@ + notifempty + + nocreate ++ su freerad freerad + } +diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate +index 360765ddc4..bb97ca5547 100644 +--- a/redhat/freeradius-logrotate ++++ b/redhat/freeradius-logrotate +@@ -9,6 +9,7 @@ rotate 4 + missingok + compress + delaycompress ++su radiusd radiusd + + # + # The main server log +diff --git a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius +index 3de435e76e..eecf63175a 100644 +--- a/scripts/logrotate/freeradius ++++ b/scripts/logrotate/freeradius +@@ -17,6 +17,7 @@ + notifempty + + copytruncate ++ su radiusd radiusd + } + + # (in order) +@@ -34,6 +35,7 @@ + notifempty + + nocreate ++ su radiusd radiusd + } + + # There are different detail-rotating strategies you can use. One is +@@ -53,4 +55,5 @@ + notifempty + + nocreate ++ su radiusd radiusd + } +diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate +index 24d56be1a9..be5a797684 100644 +--- a/suse/radiusd-logrotate ++++ b/suse/radiusd-logrotate +@@ -11,6 +11,7 @@ missingok + compress + delaycompress + notifempty ++su radiusd radiusd + + # + # The main server log |