Published: 05 April 2017
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVSS 3 base score: 7.5
Launchpad, Ubuntu, Debian
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
Does not exist
(trusty was ignored)
Upstream states that the recommended configuration is not affected. Only configurations using certs from a public CA are affected and upstream says that such configurations are not recommended.
we will not be fixing this issue in Ubuntu 14.04 LTS. Users are advised to follow upstream recommendations or to update to a later Ubuntu release.