
CVE-2015-4680

Published: 5 April 2017

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: freeradius (Launchpad, Ubuntu, Debian)

Release    Status
precise    Does not exist (precise was needed)
trusty     Does not exist (trusty was ignored)
upstream   Needed
utopic     Ignored (reached end-of-life)
vivid      Ignored (reached end-of-life)
wily       Ignored (reached end-of-life)
xenial     Not vulnerable (2.2.8+dfsg-0.1build2)
yakkety    Not vulnerable (2.2.8+dfsg-0.1build2)
zesty      Not vulnerable (3.0.12+dfsg-4ubuntu1)

Notes

Author     Note
tyhicks    Upstream states that the recommended configuration is not affected.
           Only configurations using certs from a public CA are affected and upstream
           says that such configurations are not recommended.
mdeslaur   We will not be fixing this issue in Ubuntu 14.04 LTS. Users are
           advised to follow upstream recommendations or to update to a
           later Ubuntu release.
