[Pkg-freeradius-maintainers] Please test freeradius for wheezy LTS
Michael Stapelberg
stapelberg at debian.org
Wed May 31 20:01:06 UTC 2017
Thanks for your work on this! I always just run the autopkgtest and a basic
startup test with the default installation.
On Wed, May 31, 2017 at 7:27 PM, Emilio Pozuelo Monfort <pochu at debian.org> wrote:
> Hi,
>
> I have prepared an update for freeradius. The changelog is:
>
> freeradius (2.1.12+dfsg-1.2+deb7u1) wheezy-security; urgency=medium
>
> * Non-maintainer upload by the LTS team.
> * CVE-2014-2015: Stack-based buffer overflow in the normify
> function in the rlm_pap module.
> CVE-2015-4680: Properly check revocation of intermediate CA
> certificates. For this to happen, the check_all_crl option of the
> EAP TLS section needs to be enabled in eap.conf.
> CVE-2017-9148: Disable TLS session cache, since it fails to prevent
> resumption of unauthenticated sessions, allowing remote attackers
> (such as malicious 802.1X supplicants) to bypass authentication via
> PEAP or TTLS without sending valid credentials.
>
> -- Emilio Pozuelo Monfort <pochu at debian.org> Wed, 31 May 2017 18:31:47 +0200
>
> Packages are available for amd64 from [1]. Source and debdiff are also
> included.
>
> [1] https://people.debian.org/~pochu/lts/freeradius/
>
> I have done some basic testing. Some extra testing in more advanced setups
> would be appreciated.
>
> Note that the fix for CVE-2015-4680 doesn't include the template changes
> to the conffile, to avoid unnecessary prompts and as not everyone needs to
> enable this option. This will be explained in the advisory.
>
> I will upload freeradius in the next few days if there is no feedback.
>
> Thanks,
> Emilio
--
Best regards,
Michael
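
Because the update does not change the conffile template, the CVE-2015-4680 fix only takes effect where check_all_crl has been enabled by hand. The following is an added example, not part of the thread or of the freeradius package: a small audit of the tls block inside eap in eap.conf. The sample configuration is constructed, the function names are hypothetical, and treating only `yes` as enabled is an assumption.

```python
import re

# Constructed sample of an eap.conf; not taken from the thread.
SAMPLE_EAP_CONF = """\
eap {
    default_eap_type = peap
    tls {
        private_key_file = ${certdir}/server.key
        CA_file = ${cadir}/ca.pem
        check_crl = yes
        # check_all_crl = yes
    }
    peap {
        default_eap_type = mschapv2
    }
}
"""

def tls_options(conf_text):
    """Return {option: value} for the tls { } block nested inside eap { }."""
    stack, options = [], {}
    for raw in conf_text.splitlines():
        # Simplification: everything after '#' is treated as a comment.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        opened = re.match(r"^([\w.-]+)\s*\{$", line)
        if opened:
            stack.append(opened.group(1))      # entering a named section
        elif line == "}":
            if stack:
                stack.pop()                    # leaving the current section
        elif stack == ["eap", "tls"]:
            key, sep, value = line.partition("=")
            if sep:
                options[key.strip()] = value.strip().strip('"')
    return options

def check_all_crl_enabled(conf_text):
    """True only if check_all_crl is 'yes' inside eap { tls { } } (assumed syntax)."""
    return tls_options(conf_text).get("check_all_crl", "no").lower() == "yes"

if __name__ == "__main__":
    # A commented-out option, as in the sample, counts as disabled.
    print("check_all_crl enabled:", check_all_crl_enabled(SAMPLE_EAP_CONF))
```
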