[bug-notifications] [freeradius 0004940]: freeRADIUS v1.0.1 package is obsolete and may be insecure

Mantis Bug Tracker noreply at opencsw.org
Wed Apr 25 15:38:53 CEST 2012 

A NOTE has been added to this issue. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=4940 
====================================================================== 
Reported By:                leinenbach
Assigned To:                dam
====================================================================== 
Project:                    freeradius
Issue ID:                   4940
Category:                   upgrade
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             2012-04-24 11:49 CEST
Last Modified:              2012-04-25 15:38 CEST
====================================================================== 
Summary:                    freeRADIUS v1.0.1 package is obsolete and may be
insecure
Description: 
The freeRADIUS 1.0.1 package is extremely outdated, should not be used and
is insecure. Version 2.x is now recommended, but there's no such package.

Quote:
"As of January 2008, the version 1.1.x releases are no longer actively
maintained. Version 1.1.7 was the last release in that cycle. We recommend
that everyone using Version 1.1.7 (or any earlier version) upgrade to the
latest 2.x release as soon as possible."
Source: http://freeradius.org/download.html

====================================================================== 

---------------------------------------------------------------------- 
 (0009834) leinenbach (reporter) - 2012-04-25 15:38
 https://www.opencsw.org/mantis/view.php?id=4940#c9834 
---------------------------------------------------------------------- 
Right now, I still test the old experimental i386 package.

If it is similar here, then there are /etc/opt/csw/raddb/modules/*.CSW
files as a backup of the original files.
All *.CSW files should be removed as everything in this subdir is included
by the radiusd.conf file. (And we can't exclude *.CSW, as regexes seem not
to be supported.)

radiusd.conf:
...
$INCLUDE ${confdir}/modules/
...

If we want to keep those *.CSW files there, then we should use another
directory similar to the sites directory - or store them in a subdir
somewhere else (eg. /opt/csw/doc/doc/freeradius/).

(I usually recommend to leave all original config files untouched as they
could be overwritten or deleted later, but to make changes to *.local files
instead. But this does not work here, at least not consequently.)

More information about the bug-notifications mailing list