21 Sep
2009
21 Sep
'09
5:55 a.m.
Jakob Hirsch wrote:
This sounds harmless for most people, I guess, or at least for us, as we don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the patch, it seems that this can crash any server just by sending an empty attribute. That would mean that every 1.1.7 installation should upgrade to 1.1.8 ASAP. Right?
Yes. Alan DeKok.