Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

It has come to our attention that there are vulnerabilities in the
relatively new 1.0.1-series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS enabled customer services via a heartbeat extension.

While there are no indications that this affects TLS-based
EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational
team has made the decision to upgrade openssl to versions implementing a
fix for CVE-2014-0160

...