FreeRad crashing (RHEL 9.4, jut patched
Alan DeKok
aland at deployingradius.com
Fri Aug 16 13:19:31 UTC 2024
On Aug 2, 2024, at 4:52 AM, James Potter via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Is anyone else experiencing FreeRad core dumping on RHEL 9.4 with the latest patch?
>
> Tum history info 59 gives:
> Packages Altered:
> Upgrade freeradius-3.0.21-40.el9_4.x86_64 @rhel-9-for-x86_64-appstream-rpms
> Upgraded freeradius-3.0.21-39.el9_3.x86_64 @@System
> Upgrade freeradius-ldap-3.0.21-40.el9_4.x86_64 @rhel-9-for-x86_64-appstream-rpms
> Upgraded freeradius-ldap-3.0.21-39.el9_3.x86_64 @@System
>
> This appears to be related to status_check = status-server set in proxies (commenting it out seems to cause less/no crashes).
> With these lines commented out it runs fine, with these present service dies after ~5+ mins of running (running radiusd -X waiting for it to die again, its taking its time...)
>
> Change from v39 -> v40 appears to be related to BlastRADIUS vulnerability. Is there any issue with the fix for Blast + status_server checks?
If you're running 3.0.21 plus patches, you should either use 3.0.27 from our official repos, or ask RedHat to fix their packages.
i.e. 3.0.21 is 4 years old, and we have released new versions of FreeRADIUS since then with many fixes. We don't re-release "patched" versions of old software.
I presume you're paying RedHat for support. The solution is then to ask that they provide you with fixes. The current patches they provide are *not* the official 3.0.21, and RedHat has likely added patches which break the server.
So in the end, this looks like a RedHat problem, and not a FreeRADIUS problem.
Alan DeKok.
More information about the Freeradius-Users
mailing list