
Versions Affected: All versions prior to TrueNAS 12.0-U5


Description

The patch for FreeBSD-SA-21:12.libradius modified rad_get_attr(3) to reject any attribute whose length is smaller than the minimum required for the attribute type and length fields.

This check may fail incorrectly for the final attribute in a RADIUS message. The bug may cause request validation to fail when it should succeed. This can result in errors in applications making use of libradius(3).
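
An added example, not libradius code or the FreeBSD patch: a minimal attribute walker in C that applies the minimum-length check while still accepting a final attribute that ends exactly on the message boundary. The name `radius_count_attrs`, the `HDR` macro and the sample messages are constructed for illustration; the layout assumed is the standard RADIUS one (20-byte header, then attributes whose length octet covers the type and length octets).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_HDR_LEN 20 /* code, identifier, length (2), authenticator (16) */
#define ATTR_HDR_LEN 2    /* type octet + length octet */

/* Hypothetical helper: number of attributes in the message, -1 if malformed. */
int radius_count_attrs(const uint8_t *msg, size_t buf_len)
{
    size_t end, pos = RADIUS_HDR_LEN;
    int count = 0;
    if (buf_len < RADIUS_HDR_LEN)
        return -1;
    end = ((size_t)msg[2] << 8) | msg[3]; /* declared message length */
    if (end < RADIUS_HDR_LEN || end > buf_len)
        return -1;
    while (pos < end) {
        size_t remaining = end - pos;
        size_t alen;
        if (remaining < ATTR_HDR_LEN)
            return -1; /* not even a type/length pair left */
        alen = msg[pos + 1];
        if (alen < ATTR_HDR_LEN)
            return -1; /* length cannot cover its own two header octets */
        if (alen > remaining)
            return -1; /* value would run past the end of the message */
        pos += alen;   /* alen == remaining is the valid final attribute */
        count++;
    }
    return count;
}

/* Constructed samples: 20-byte header with a zeroed authenticator. */
#define HDR(len) 1, 1, 0, (len), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
/* One 4-octet attribute, then an empty-valued final attribute on the boundary. */
static const uint8_t msg_ok[] = { HDR(26), 1, 4, 'a', 'b', 24, 2 };
/* Final attribute declares length 1, below the two-octet minimum. */
static const uint8_t msg_short[] = { HDR(26), 1, 4, 'a', 'b', 24, 1 };
/* Final attribute declares 6 octets but only 2 remain. */
static const uint8_t msg_overrun[] = { HDR(26), 1, 4, 'a', 'b', 24, 6 };

int main(void)
{
    printf("%d %d %d\n", radius_count_attrs(msg_ok, sizeof msg_ok),
           radius_count_attrs(msg_short, sizeof msg_short),
           radius_count_attrs(msg_overrun, sizeof msg_overrun));
    return 0;
}
```

Comparing the attribute length against the octets remaining, rather than against a position offset by the header size, is what keeps the boundary case from being rejected.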


Workaround

No workaround is available. Systems not making use of libradius(3) are unaffected.


Mitigation

  • Upgrade to TrueNAS 12.0-U5 or later.

Commit


Further information