Version 1.1.8 has been released

Alan DeKok aland at deployingradius.com
Mon Sep 21 11:55:46 CEST 2009

Previous message: Version 1.1.8 has been released
Next message: Version 1.1.8 has been released
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jakob Hirsch wrote:
> This sounds harmless for most people, I guess, or at least for us, as we
> don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the
> patch, it seems that this can crash any server just by sending an empty
> attribute. That would mean that every 1.1.7 installation should upgrade
> to 1.1.8 ASAP. Right?

  Yes.

  Alan DeKok.

Previous message: Version 1.1.8 has been released
Next message: Version 1.1.8 has been released
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Freeradius-Users mailing list