[bug-notifications] [freeradius 0004940]: freeRADIUS v1.0.1 package is obsolete and may be insecure
Mantis Bug Tracker
noreply at opencsw.org
Thu Apr 26 11:17:01 CEST 2012
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=4940
======================================================================
Reported By: leinenbach
Assigned To: dam
======================================================================
Project: freeradius
Issue ID: 4940
Category: upgrade
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
======================================================================
Date Submitted: 2012-04-24 11:49 CEST
Last Modified: 2012-04-26 11:17 CEST
======================================================================
Summary: freeRADIUS v1.0.1 package is obsolete and may be
insecure
Description:
The freeRADIUS 1.0.1 package is extremely outdated, should not be used and
is insecure. Version 2.x is now recommended, but there's no such package.
Quote:
"As of January 2008, the version 1.1.x releases are no longer actively
maintained. Version 1.1.7 was the last release in that cycle. We recommend
that everyone using Version 1.1.7 (or any earlier version) upgrade to the
latest 2.x release as soon as possible."
Source: http://freeradius.org/download.html
======================================================================
----------------------------------------------------------------------
(0009837) leinenbach (reporter) - 2012-04-26 11:17
https://www.opencsw.org/mantis/view.php?id=4940#c9837
----------------------------------------------------------------------
Indeed! :)
First look:
I think...
- your change of the configuration directory from /etc/opt/csw/raddb to
/etc/opt/csw/freeradius
- and to deliver all config files just as .CSW
is a good idea.
You should rename:
sites-available/inner-tunnel to inner-tunnel.CSW
sites-available/soh to soh.CSW
The sites-enabled/default symlink is broken, but this is OK as this should
be by purpose as the sites-available/default file is missing as it is
called .CSW before someone configures it.
More information about the bug-notifications
mailing list