Version 1.1.8 has been released
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Sep 21 12:51:19 CEST 2009
Hi,
> This sounds harmless for most people, I guess, or at least for us, as we
> don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the
> patch, it seems that this can crash any server just by sending an empty
> attribute. That would mean that every 1.1.7 installation should upgrade
> to 1.1.8 ASAP. Right?
correct - I've advised our UK eduroam contingent (JANET Roaming) who use
FreeRADIUS 1.1.3 - 1.1.7 to upgrade ASAP.
alan
More information about the Freeradius-Users
mailing list