From 3ce25b6b67ad5c6ae18dbccae5385c6d57f6b85a Mon Sep 17 00:00:00 2001
From: Dan Breslau
Date: Fri, 2 Jun 2017 11:29:40 -0400
Subject: [PATCH] Disabled session caching in raddb/mods-available/eap in response to CVE-2017-9148.
---
 debian/changelog | 6 ++++++
 raddb/mods-available/eap | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 60f0030..ccb644d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+freeradius (3.0.13+moonshot3-6) unstable; urgency=medium
+
+ * Disabled session caching in EAP in response to CVE-2017-9148.
+
+ -- Painless Security Fri, 02 Jun 2017 15:29:00 -0400
+
 freeradius (3.0.13+moonshot3-5) unstable; urgency=medium
 * Fixed deleted links when upgrading to 3.0.13 on debian/ubuntu
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
index 427016c..5cc4ac5 100644
--- a/raddb/mods-available/eap
+++ b/raddb/mods-available/eap
@@ -390,7 +390,7 @@ eap {
 # If "enable = no" below, you CANNOT enable resumption for just one
 # user by setting the above attribute to "yes".
 #
- enable = yes
+ enable = no
 #
 # Lifetime of the cached entries, in hours. The sessions will be
--
2.1.4
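Review bot: The new `enable = no` in raddb/mods-available/eap has no comment saying why the default was flipped, so an administrator tuning TLS handshake cost later could set it back to `yes` without knowing that reopens CVE-2017-9148. I would add a line directly above the setting, for example `# Disabled as a mitigation for CVE-2017-9148; keep "no" until the server includes the upstream fix.` The change also only alters the shipped file: a host with a locally edited copy may keep `enable = yes` after the package upgrade (this depends on how the package treats the file as a conffile, which is worth confirming), so the debian/changelog entry should tell administrators to check their own copy. The cache subsection this setting belongs to starts and ends outside the hunk.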