Release of 3.0.12

Adam Bishop Adam.Bishop at jisc.ac.uk
Tue Sep 27 12:52:28 CEST 2016


On 26 Sep 2016, at 12:44, Alan DeKok <aland at DEPLOYINGRADIUS.COM> wrote:
>  Ugh.  I've pushed fixes.

Spun a build this morning, looks good to me.

  Error: Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele)
  Error: Security advisory CVE-2016-6304 (OCSP status request extension)
  Error: For more information see https://www.openssl.org/news/secadv/20160922.txt
  Info: Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2016-6304'
  Error: Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)
  Error: Security advisory CVE-2014-0160 (Heartbleed)
  Error: For more information see http://heartbleed.com

Correctly identifies the vulnerability, and the suppression works as expected.

Regards,

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk

More information about the Freeradius-Users mailing list
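
The startup check reported in the message above can be sketched as follows. This is an added example, not FreeRADIUS source code: the struct, function names and the per-advisory handling of the override are hypothetical, and the version ranges are taken only from the two log messages in the post. The check sees only the version number, which does not change when a distribution backports a fix, hence the instruction in the log to verify the patch before setting the override.

```c
#include <stdio.h>
#include <string.h>

/* Pre-3.0 OPENSSL_VERSION_NUMBER layout is 0xMNNFFPPS: major, minor, fix,
 * patch letter (1 = 'a') and status (0 = dev, 0xf = release). */
typedef struct {
    const char *id;            /* advisory named in the log */
    unsigned long low, high;   /* affected range, inclusive */
} advisory_t;

/* Ranges transcribed from the two log messages in the post; the cut-off
 * "1.0.1t rele" is assumed to mean the 1.0.1t release build. */
static const advisory_t advisories[] = {
    { "CVE-2016-6304", 0x1000100fUL, 0x1000114fUL }, /* 1.0.1 release - 1.0.1t */
    { "CVE-2014-0160", 0x10001000UL, 0x1000106fUL }, /* 1.0.1 dev - 1.0.1f release */
};

/* Render a version number as text, e.g. 0x1000105f -> "1.0.1e release". */
static const char *ssl_version_str(unsigned long v, char *buf, size_t len)
{
    unsigned long patch = (v >> 4) & 0xff, status = v & 0xf;
    char letter[2] = { patch ? (char)('a' + patch - 1) : '\0', '\0' };
    snprintf(buf, len, "%lu.%lu.%lu%s %s", (v >> 28) & 0xf, (v >> 20) & 0xff,
             (v >> 12) & 0xff, letter,
             status == 0 ? "dev" : status == 0xf ? "release" : "beta");
    return buf;
}

/* Count the advisories that block startup for version v. `allowed` is a
 * hypothetical per-advisory stand-in for security.allow_vulnerable_openssl
 * (NULL = nothing suppressed). */
static int ssl_check_vulnerable(unsigned long v, const char *allowed)
{
    char cur[32], lo[32], hi[32];
    int blocked = 0;
    for (size_t i = 0; i < sizeof(advisories) / sizeof(advisories[0]); i++) {
        const advisory_t *a = &advisories[i];
        if (v < a->low || v > a->high) continue;               /* not affected */
        if (allowed && strcmp(allowed, a->id) == 0) continue;  /* admin override */
        fprintf(stderr, "Refusing to start with %s (in range %s - %s): %s\n",
                ssl_version_str(v, cur, sizeof(cur)), ssl_version_str(a->low, lo, sizeof(lo)),
                ssl_version_str(a->high, hi, sizeof(hi)), a->id);
        blocked++;
    }
    return blocked;
}

/* 0x1000105f is the libssl version number shown in the log. */
int main(void) { return ssl_check_vulnerable(0x1000105fUL, NULL) ? 1 : 0; }
```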