[Pkg-freeradius-maintainers] Please test freeradius for wheezy LTS
stapelberg at debian.org
Wed May 31 20:01:06 UTC 2017
Thanks for your work on this! I always just run the autopkgtest and a basic
startup test with the default installation.
On Wed, May 31, 2017 at 7:27 PM, Emilio Pozuelo Monfort <pochu at debian.org> wrote:
> I have prepared an update for freeradius. The changelog is:
> freeradius (2.1.12+dfsg-1.2+deb7u1) wheezy-security; urgency=medium
> * Non-maintainer upload by the LTS team.
> * CVE-2014-2015: Stack-based buffer overflow in the normify
>   function in the rlm_pap module.
> * CVE-2015-4680: Properly check revocation of intermediate CA
>   certificates. For this to happen, the check_all_crl option of the
>   EAP TLS section needs to be enabled in eap.conf.
> * CVE-2017-9148: Disable TLS session cache, since it fails to prevent
>   resumption of unauthenticated sessions, allowing remote attackers
>   (such as malicious 802.1X supplicants) to bypass authentication via
>   PEAP or TTLS without sending valid credentials.
> -- Emilio Pozuelo Monfort <pochu at debian.org> Wed, 31 May 2017 18:31:47
> Packages are available for amd64 from . Source and debdiff are also
>  https://people.debian.org/~pochu/lts/freeradius/
> I have done some basic testing. Some extra testing in more advanced setups
> would be appreciated.
> Note that the fix for CVE-2015-4680 doesn't include the template changes to the
> conffile, to avoid unnecessary prompts and as not everyone needs to enable
> option. This will be explained in the advisory.
> I will upload freeradius in the next few days if there is no feedback.
> Pkg-freeradius-maintainers mailing list
> Pkg-freeradius-maintainers at lists.alioth.debian.org
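Added example, not part of either message or of the Debian or FreeRADIUS packages: since the changelog says the CVE-2015-4680 fix only takes effect when check_all_crl is enabled in the EAP TLS section of eap.conf, and the conffile template is left unchanged, this sketch checks a configuration for that setting. The function names and the sample configuration text are constructed for illustration; it assumes the usual `section { key = value }` syntax, treats only the value `yes` as enabled, and does not follow `$INCLUDE` lines.

```python
import re

# Constructed sample resembling an eap.conf where the option was never enabled.
SAMPLE_DEFAULT = """
eap {
    default_eap_type = peap
    tls {
        certdir = ${confdir}/certs
        # check_all_crl = yes
        check_crl = yes
    }
    peap {
        check_all_crl = yes   # wrong section, must not count
    }
}
"""

SECTION_RE = re.compile(r"^([\w.-]+)(?:\s+[\w.-]+)?\s*\{$")
ASSIGN_RE = re.compile(r"^([\w.-]+)\s*=\s*(.*)$")

def tls_option(conf_text, option="check_all_crl", section=("eap", "tls")):
    """Return the option's value inside eap { tls { ... } }, or None if unset."""
    stack, value = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (naive: ignores quoting)
        if not line:
            continue
        opened = SECTION_RE.match(line)
        if opened:
            stack.append(opened.group(1))     # entering a nested section
        elif line == "}":
            if stack:
                stack.pop()                   # leaving the current section
        else:
            assigned = ASSIGN_RE.match(line)
            if assigned and tuple(stack) == section and assigned.group(1) == option:
                value = assigned.group(2).strip().strip('"')  # last assignment wins
    return value

def crl_check_enabled(conf_text):
    """True only when check_all_crl is explicitly 'yes' in the EAP TLS section."""
    return (tls_option(conf_text) or "").lower() == "yes"

if __name__ == "__main__":
    state = "enabled" if crl_check_enabled(SAMPLE_DEFAULT) else "NOT enabled"
    print("check_all_crl in eap/tls:", state)
```

A commented-out line or the same key in another section is reported as not enabled, which is the state an unmodified conffile would be in after this update.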