Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


It has come to our attention that there are vulnerabilities in the
relatively new 1.0.1-series of OpenSSL (as detailed by affecting TLS enabled customer services via a heartbeat extension.

While there are no indications that this affects TLS-based
EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational
team has made the decision to upgrade openssl to versions implementing a
fix for CVE-2014-0160