freeradius (3.0.12+dfsg-4ubuntu1.1) zesty-security; urgency=medium * SECURITY UPDATE: authentication bypass via session resumption - debian/patches/disable-session-cache-CVE-2017-9148.patch: completely disable session caching in src/main/tls.c. Thanks to Debian for the patch! - CVE-2017-9148 -- Marc Deslauriers <email address hidden> Wed, 07 Jun 2017 10:23:34 -0400