On Tue, Feb 19, 2002 at 02:19:26PM -0800, Scott Pell wrote: > I am trying to load up the latest snapshot of FreeRadius, but I have > been warned by FreeBSD developers to not run the released version > because of the remotely exploitable buffer overflow security hole.
> Is there a patch that covers this? If so, we can get guys to take the > security hold off of the port. If not, is there a timeframe to fix? They seem to be warning you (from the quote below) not to run the version of freeradius that's included in the FreeBSD ports. And indeed, 20010310 is quite old. I'm given to understand that the latest freeradius release, 0.4, has a fix for the security hole in question. Steve Langasek postmodern programmer > [EMAIL PROTECTED] wrote: > > <<On Tue, 19 Feb 2002 12:54:26 -0800, "Scott Pell" <[EMAIL PROTECTED]> > said: > > > Trying update and install this port...getting the following: ===> > > freeradius-devel-20010310 is forbidden: Remotely exploitable buffer > > overflow. > > > Any recommendations on how to get this port installed? > > Don't. When I (or anyone else, for that matter) get a > sufficiently-large Round Tuit, the port will be replaced with one for a > released version of FreeRADIUS which doesn't have the security hole. > > -GAWollman > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.324 / Virus Database: 181 - Release Date: 2/14/2002 > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
msg03440/pgp00000.pgp
Description: PGP signature