LDAP (rlm_ldap) Version 3.0.9
Alan DeKok
aland at deployingradius.com
Mon Jul 20 16:28:34 CEST 2015
On Jul 20, 2015, at 4:26 PM, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm running a CentOS 7 environment and I just did a fresh install of v3.0.9 of FreeRADIUS. I also installed version 1.0.2d of openssl so I'm not subject to heartbleed. When I installed the ldap module, yum downloaded version 3.0.4 and also installed a heartbleed vulnerable version of openssl and broke my install.
Which is why you don't install manual packages on top of existing ones. CentOS *should* have a fixed version of OpenSSL.
> I know how to patch radiusd.conf for the heartbleed vulnerability but I'd rather not. So I removed the ldap module, re-installed openssl 1.0.2d and recompiled FreeRADIUS. Is there a repo that will provide me with a 3.0.9 version of the ldap module? If not, can I compile and point to my lib directory for openssl 1.0.2d instead? Yum downloads an RPM and I don't know of a way to simply extract that, so I am looking for a way to compile from source for either version 3.0.4 or 3.0.9 if it exists. Don't know where to look for the source(s).
Install the OpenSSL from CentOS. It should have the fix. See the release notes for details.
Alan DeKok.
More information about the Freeradius-Users
mailing list