Versions Affected : All versions prior to TrueNAS 12.0-U5
The patch for FreeBSD-SA-21:12.libradius modified rad_get_attr(3) to verify that an attribute length smaller than the minimum required for the attribute type and length fields is disallowed.
This check may fail incorrectly for the final attribute in a RADIUS message. The bug may cause request validation to fail when it should succeed. This can result in errors in applications making using of libradius(3).
No workaround is available. Systems not making use of libradius(3) are unaffected.
- Upgrade to TrueNAS 12.0-U5 or later.
- FreeBSD Revision : r369921
- TrueNAS Commit : 6a97246
- TrueNAS Commit : 08f09f7
- JIRA Ticket : NAS-111053