Version 1.1.8 has been released
Jakob Hirsch
jh at plonk.de
Mon Sep 21 11:37:25 CEST 2009
Hi,
Alan DeKok, 2009-09-09 14:54:
> We have released version 1.1.8 to fix an issue with the handling of
> Tunnel-Password. This is the same issue that was found in version
This sounds harmless for most people, I guess, or at least for us, as we
don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the
patch, it seems that this can crash any server just by sending an empty
attribute. That would mean that every 1.1.7 installation should upgrade
to 1.1.8 ASAP. Right?
More information about the Freeradius-Users
mailing list