Ubuntu
freeradius package

Old version in Universe - Please Update

Bug #51311 reported by Andrew on 2006-06-29

Affects		Status	Importance	Assigned to	Milestone
	freeradius (Ubuntu)	Fix Released	Undecided	MOTU

Bug Description

Binary package hint: freeradius

There is a newer version of FreeRADIUS (1.1.2) The current version (1.1.0) is 6 months old.

The vendor recommends people upgrade to the latest version for the bug fixes it contains.

Revision history for this message

Daniel Robitaille (robitaille) wrote on 2006-06-30:

1.1.2-1 is currently available in Debian unstable. So it should appears in Ubuntu Edgy soon.

Changed in freeradius:
status:	Unconfirmed → Confirmed
assignee:	nobody → motu

Revision history for this message

Despair (despair) wrote on 2006-07-06:

http://www.freeradius.org/security.html
1.1.0 and earlier: "A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing. We recommend that administrators upgrade immediately."

Security issue and remote crasher. Ouch.

Revision history for this message

Jérémie Corbier (jcorbier) wrote on 2006-07-08:

1.1.2-2ubuntu1 uploaded to edgy.

Changed in freeradius:
status:	Confirmed → Fix Committed

Jérémie Corbier (jcorbier) on 2006-07-08

Changed in freeradius:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntufreeradius package

Old version in Universe - Please Update

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
freeradius package