{"affected":[{"ecosystem_specific":{"binaries":[{"freeradius-server":"3.0.16-lp151.4.4.1","freeradius-server-devel":"3.0.16-lp151.4.4.1","freeradius-server-doc":"3.0.16-lp151.4.4.1","freeradius-server-krb5":"3.0.16-lp151.4.4.1","freeradius-server-ldap":"3.0.16-lp151.4.4.1","freeradius-server-libs":"3.0.16-lp151.4.4.1","freeradius-server-mysql":"3.0.16-lp151.4.4.1","freeradius-server-perl":"3.0.16-lp151.4.4.1","freeradius-server-postgresql":"3.0.16-lp151.4.4.1","freeradius-server-python":"3.0.16-lp151.4.4.1","freeradius-server-sqlite":"3.0.16-lp151.4.4.1","freeradius-server-utils":"3.0.16-lp151.4.4.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"freeradius-server","purl":"pkg:rpm/opensuse/freeradius-server&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.0.16-lp151.4.4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for freeradius-server fixes the following issues:\n\n- CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd\n  (bsc#1144524).\n- CVE-2019-17185: Fixed a debial of service due to multithreaded\n  BN_CTX access (bsc#1166847).\n- Fixed an issue in TLS-EAP where the OCSP verification, when an \n  intermediate client certificate was not explicitly trusted \n  (bsc#1146848).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:0553-1","modified":"2020-04-26T12:11:06Z","published":"2020-04-26T12:11:06Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TMVXSP5XFJILXXXL4PCJEJOUEIQCWQ5X/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1144524"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146848"},{"type":"REPORT","url":"https://bugzilla.suse.com/1166847"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-13456"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17185"}],"related":["CVE-2019-13456","CVE-2019-17185"],"summary":"Security update for freeradius-server","upstream":["CVE-2019-13456","CVE-2019-17185"]}