Bugzilla – Bug 1223414
VUL-0: CVE-2024-3596: freeradius-server: chosen-prefix collision attack against MD5 Response Authenticator signature
Last modified: 2024-07-09 16:33:04 UTC
Public now: https://www.blastradius.fail/
SUSE-SU-2024:2367-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1223414 CVE References: CVE-2024-3596 Maintenance Incident: [SUSE:Maintenance:34054](https://smelt.suse.de/incident/34054/) Sources used: SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): freeradius-server-3.0.21-150200.3.15.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): freeradius-server-3.0.21-150200.3.15.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): freeradius-server-3.0.21-150200.3.15.1 SUSE Enterprise Storage 7.1 (src): freeradius-server-3.0.21-150200.3.15.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): freeradius-server-3.0.21-150200.3.15.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): freeradius-server-3.0.21-150200.3.15.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): freeradius-server-3.0.21-150200.3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2366-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1223414 CVE References: CVE-2024-3596 Maintenance Incident: [SUSE:Maintenance:34037](https://smelt.suse.de/incident/34037/) Sources used: openSUSE Leap 15.4 (src): freeradius-server-3.0.25-150400.4.7.1 openSUSE Leap 15.5 (src): freeradius-server-3.0.25-150400.4.7.1 Server Applications Module 15-SP5 (src): freeradius-server-3.0.25-150400.4.7.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): freeradius-server-3.0.25-150400.4.7.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): freeradius-server-3.0.25-150400.4.7.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): freeradius-server-3.0.25-150400.4.7.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): freeradius-server-3.0.25-150400.4.7.1 SUSE Manager Proxy 4.3 (src): freeradius-server-3.0.25-150400.4.7.1 SUSE Manager Retail Branch Server 4.3 (src): freeradius-server-3.0.25-150400.4.7.1 SUSE Manager Server 4.3 (src): freeradius-server-3.0.25-150400.4.7.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2361-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1223414 CVE References: CVE-2024-3596 Maintenance Incident: [SUSE:Maintenance:34052](https://smelt.suse.de/incident/34052/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): freeradius-server-3.0.19-3.15.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): freeradius-server-3.0.19-3.15.1 SUSE Linux Enterprise Server 12 SP5 (src): freeradius-server-3.0.19-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): freeradius-server-3.0.19-3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2359-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1223414 CVE References: CVE-2024-3596 Maintenance Incident: [SUSE:Maintenance:34057](https://smelt.suse.de/incident/34057/) Sources used: openSUSE Leap 15.6 (src): freeradius-server-3.2.4-150600.3.3.2 Server Applications Module 15-SP6 (src): freeradius-server-3.2.4-150600.3.3.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.