Imminent release of 2.2.5 and 3.0.3
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Apr 17 23:24:46 CEST 2014
Hi,
> > I wonder if this checking for "bad" libraries inside FR is really useful
> > or appropriate, especially if it's causing you major hassles. It's not
> > obvious to me why OpenSSL is special - where's the blacklist for glibc
> > or libpq or $whatever? Are other projects doing this?
>
> There aren't massive security holes in other libraries. I'm not sure
> if other projects are doing this. I know for my sanity, I don't want
> people blaming FreeRADIUS because they've chosen to use a vulnerable
> version of OpenSSL.
ISC do similar thign with OpenSSL for named and have done so for years.
alan
More information about the Freeradius-Users
mailing list