oss-sec mailing list archives
CVE Request - PHP PECL Radius (php-pecl-radius) v1.2.7 fixing a security flaw in radius_get_vendor_attr()
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 28 Jun 2013 08:59:59 -0400 (EDT)
Hello Kurt, Steve, vendors,

PHP PECL upstream has released 1.2.7 version of the Radius client library, correcting one security flaw (from [1]):

"- Fix a security issue in radius_get_vendor_attr() by enforcing checks of the VSA length field against the buffer size. (Adam)"

References:
[1] http://pecl.php.net/package-changelog.php?package=radius
[2] http://pecl.php.net/news/

Relevant upstream patch:
[3] https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234

Can you allocate a CVE identifier for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
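
An added illustration, not code from php-radius or from the message above, of the kind of check the changelog entry describes: comparing a VSA's declared length with the bytes actually received before exposing the payload. The names parse_vsa, struct vsa and check_sample and the sample bytes are assumptions made for this example; the layout is the Vendor-Specific format recommended in RFC 2865, section 5.26.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parsed view of one Vendor-Specific (type 26) attribute value. */
struct vsa {
    uint32_t vendor;      /* 4-byte vendor id, big-endian on the wire */
    uint8_t type;         /* vendor type */
    const uint8_t *data;  /* payload, points into the caller's buffer */
    size_t len;           /* payload length in bytes */
};

/* Hypothetical parser: returns 0 on success, -1 if the lengths do not fit. */
int parse_vsa(const uint8_t *raw, size_t raw_len, struct vsa *out)
{
    if (raw == NULL || out == NULL || raw_len < 6) /* id(4)+type(1)+len(1) */
        return -1;
    uint8_t vlen = raw[5];             /* counts type + length + payload */
    if (vlen < 2)                      /* vlen - 2 would wrap around */
        return -1;
    if ((size_t)vlen > raw_len - 4)    /* declared length exceeds the buffer */
        return -1;
    out->vendor = ((uint32_t)raw[0] << 24) | ((uint32_t)raw[1] << 16) |
                  ((uint32_t)raw[2] << 8) | (uint32_t)raw[3];
    out->type = raw[4];
    out->data = raw + 6;
    out->len = (size_t)vlen - 2;
    return 0;
}

/* Constructed samples: vendor 9, type 1, then a declared length byte. */
static const uint8_t sample_ok[] = {0, 0, 0, 9, 1, 6, 'a', 'b', 'c', 'd'};
static const uint8_t sample_long[] = {0, 0, 0, 9, 1, 200, 'a', 'b', 'c', 'd'};
static const uint8_t sample_short[] = {0, 0, 0, 9, 1, 1};

/* Returns the payload length on success, -1 when the input is rejected. */
int check_sample(const uint8_t *raw, size_t n)
{
    struct vsa v;
    return parse_vsa(raw, n, &v) == 0 ? (int)v.len : -1;
}

int main(void)
{
    printf("well-formed:      %d\n", check_sample(sample_ok, sizeof sample_ok));
    printf("length too large: %d\n", check_sample(sample_long, sizeof sample_long));
    printf("length too small: %d\n", check_sample(sample_short, sizeof sample_short));
    return 0;
}
```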