Release of 3.0.12
stefan.winter at restena.lu
Mon Sep 26 11:07:26 CEST 2016
hm, can we still hold the press?
user = "radiusd"
group = "radiusd"
allow_core_dumps = yes
name = "radiusd"
prefix = "/usr/local/freeradius/current"
localstatedir = "/var"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
Cannot update core dump limit: Operation not permitted
Core dumps are enabled
max_attributes = 200
reject_delay = 0.000000
status_server = yes
allow_vulnerable_openssl = "CVE-2016-6304"
So after dropping priv's, it reads about CVE clearance. But then:
Debugger not attached
Refusing to start with libssl version OpenSSL 1.0.1k 8 Jan 2015
0x100010bf (1.0.1k release) (in range 1.0.1 release - 1.0.1t rele)
Security advisory CVE-2016-6304 (OCSP status request extension)
For more information see https://www.openssl.org/news/secadv/20160922.txt
Once you have verified libssl has been correctly patched, set
security.allow_vulnerable_openssl = 'CVE-2016-6304'
That's v3.0.x checkout from just a few minutes ago.
Am 22.09.2016 um 17:59 schrieb Alan DeKok:
> A belated request for last-minute tests of 3.0.12. I've pushed some changes to complain about OpenSSL. They work for me, but another check would be useful.
> If all is OK, I'll release 3.0.12 on Monday. For real this time.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Freeradius-Users