Hi,

Alan DeKok, 2009-09-09 14:54:
> We have released version 1.1.8 to fix an issue with the handling of
> Tunnel-Password. This is the same issue that was found in version

This sounds harmless for most people, I guess, or at least for us, as we don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the patch, it seems that this can crash any server just by sending an empty attribute. That would mean that every 1.1.7 installation should upgrade to 1.1.8 ASAP. Right?

