
List:       oss-security
Subject:    Re: [oss-security] CVE Request - PHP PECL Radius (php-pecl-radius) v1.2.7 fixing a security flaw in
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-06-28 18:08:15
Message-ID: 51CDD10F.9090701 () redhat ! com

On 06/28/2013 06:59 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> PHP PECL upstream has released 1.2.7 version of the Radius client
> library, correcting one security flaw (from [1]):
> 
> "- Fix a security issue in radius_get_vendor_attr() by enforcing
> checks of the VSA length field against the buffer size. (Adam)"
> 
> References:
> [1] http://pecl.php.net/package-changelog.php?package=radius
> [2] http://pecl.php.net/news/
> 
> Relevant upstream patch:
> [3] https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234
>
> Can you allocate a CVE identifier for this?
> 
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
> 

Please use CVE-2013-2220 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
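
Added example, not part of the original message and not the php-radius code: one way a parser can check a VSA length field against the buffer size, as the quoted changelog entry describes. It assumes the recommended Vendor-Specific sub-attribute layout from RFC 2865; parse_vsa, struct vsa, vsa_payload_len and the sample bytes are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VSA_HDR_LEN 6 /* 4-byte Vendor-Id + 1-byte vendor type + 1-byte vendor length */

struct vsa { /* hypothetical result type for this example */
    uint32_t vendor_id;
    uint8_t vendor_type;
    const uint8_t *data;
    size_t data_len;
};

/* Parse the value of a Vendor-Specific attribute (RFC 2865, type 26).
 * Returns 0 on success, -1 if the length field disagrees with buf_len. */
int parse_vsa(const uint8_t *buf, size_t buf_len, struct vsa *out)
{
    if (buf == NULL || out == NULL || buf_len < VSA_HDR_LEN)
        return -1;                  /* header itself is truncated */
    size_t vlen = buf[5];           /* covers type + length + data */
    if (vlen < 2)
        return -1;                  /* vlen - 2 would wrap around */
    if (vlen > buf_len - 4)
        return -1;                  /* claims bytes past the buffer */
    out->vendor_id = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                     ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    out->vendor_type = buf[4];
    out->data = buf + VSA_HDR_LEN;
    out->data_len = vlen - 2;
    return 0;
}

/* Constructed sample values (not captured traffic). */
static const uint8_t VSA_OK[]    = {0, 0, 0x30, 0x39, 1, 6, 'a', 'b', 'c', 'd'};
static const uint8_t VSA_LONG[]  = {0, 0, 0x30, 0x39, 1, 0xFF, 'a', 'b', 'c', 'd'};
static const uint8_t VSA_SHORT[] = {0, 0, 0x30, 0x39, 1, 1, 'a', 'b', 'c', 'd'};

/* Payload length on success, -1 when the attribute is rejected. */
long vsa_payload_len(const uint8_t *buf, size_t buf_len)
{
    struct vsa v;
    return parse_vsa(buf, buf_len, &v) == 0 ? (long)v.data_len : -1;
}

int main(void)
{
    printf("ok=%ld long=%ld short=%ld\n", vsa_payload_len(VSA_OK, sizeof VSA_OK),
           vsa_payload_len(VSA_LONG, sizeof VSA_LONG),
           vsa_payload_len(VSA_SHORT, sizeof VSA_SHORT));
    return 0;
}
```
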