oss-sec mailing list archives
Re: CVE Request - PHP PECL Radius (php-pecl-radius) v1.2.7 fixing a security flaw in radius_get_vendor_attr()
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 28 Jun 2013 12:08:15 -0600
On 06/28/2013 06:59 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> PHP PECL upstream has released 1.2.7 version of the Radius client library,
> correcting one security flaw (from [1]):
>
> "- Fix a security issue in radius_get_vendor_attr() by enforcing checks of
> the VSA length field against the buffer size. (Adam)"
>
> References:
> [1] http://pecl.php.net/package-changelog.php?package=radius
> [2] http://pecl.php.net/news/
>
> Relevant upstream patch:
> [3] https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234
>
> Can you allocate a CVE identifier for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2013-2220 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
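
The changelog entry quoted in this thread describes checking the VSA length field against the buffer size. As an added example (not the upstream patch and not code from php-radius), here is a bounds-checked parser for the value of a RADIUS Vendor-Specific attribute as laid out in RFC 2865. The names `parse_vsa` and `struct vsa` and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct vsa {                 /* hypothetical result type for this example */
    uint32_t vendor;         /* SMI enterprise number */
    uint8_t type;            /* vendor-defined sub-attribute type */
    const uint8_t *data;     /* points into the caller's buffer */
    size_t len;              /* bytes of sub-attribute data */
};

/* Constructed samples; 32473 (0x7ED9) is the documentation enterprise number. */
static const uint8_t good[]     = {0x00, 0x00, 0x7E, 0xD9, 0x01, 0x05, 'a', 'b', 'c'};
static const uint8_t overlong[] = {0x00, 0x00, 0x7E, 0xD9, 0x01, 0xFF, 'a', 'b', 'c'};
static const uint8_t tiny_len[] = {0x00, 0x00, 0x7E, 0xD9, 0x01, 0x01};

/* Value layout: Vendor-Id (4, big-endian), Vendor-Type (1), Vendor-Length (1),
 * data. Vendor-Length counts its own type and length octets.
 * Returns 0 on success, -1 if the buffer is malformed. */
int parse_vsa(const uint8_t *buf, size_t buflen, struct vsa *out)
{
    size_t vlen;

    if (buf == NULL || out == NULL || buflen < 6)
        return -1;           /* too short for the fixed fields */
    vlen = buf[5];
    if (vlen < 2)
        return -1;           /* vlen - 2 would wrap around */
    if (vlen > buflen - 4)
        return -1;           /* declared length runs past the buffer */

    out->vendor = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                  ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    out->type = buf[4];
    out->data = buf + 6;
    out->len = vlen - 2;
    return 0;
}

int main(void)
{
    struct vsa v;

    printf("good: %d\n", parse_vsa(good, sizeof good, &v));
    printf("overlong: %d\n", parse_vsa(overlong, sizeof overlong, &v));
    printf("tiny_len: %d\n", parse_vsa(tiny_len, sizeof tiny_len, &v));
    return 0;
}
```

Both rejected samples carry a Vendor-Length octet that disagrees with the bytes actually present, which is the condition the length check exists to catch.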