Imminent release of 2.2.5 and 3.0.3

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Apr 17 23:24:46 CEST 2014


Hi,

> > I wonder if this checking for "bad" libraries inside FR is really useful
> > or appropriate, especially if it's causing you major hassles. It's not
> > obvious to me why OpenSSL is special - where's the blacklist for glibc
> > or libpq or $whatever? Are other projects doing this?
> 
>   There aren't massive security holes in other libraries.  I'm not sure
> if other projects are doing this.  I know for my sanity, I don't want
> people blaming FreeRADIUS because they've chosen to use a vulnerable
> version of OpenSSL.

ISC do similar thign with OpenSSL for named and have done so for years. 

alan


More information about the Freeradius-Users mailing list