Version 1.1.8 has been released

Alan DeKok aland at
Mon Sep 21 11:55:46 CEST 2009

Jakob Hirsch wrote:
> This sounds harmless for most people, I guess, or at least for us, as we
> don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the
> patch, it seems that this can crash any server just by sending an empty
> attribute. That would mean that every 1.1.7 installation should upgrade
> to 1.1.8 ASAP. Right?


  Alan DeKok.

More information about the Freeradius-Users mailing list