Synopsis: Important: freeradius security update Advisory ID: SLSA-2017:1581-1 Issue Date: 2017-06-28 CVE Numbers: CVE-2017-9148 -- Security Fix(es): * An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. (CVE-2017-9148) -- SL7 x86_64 freeradius-3.0.4-8.el7_3.x86_64.rpm freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm freeradius-debuginfo-3.0.4-8.el7_3.i686.rpm freeradius-devel-3.0.4-8.el7_3.i686.rpm freeradius-devel-3.0.4-8.el7_3.x86_64.rpm freeradius-doc-3.0.4-8.el7_3.x86_64.rpm freeradius-krb5-3.0.4-8.el7_3.x86_64.rpm freeradius-ldap-3.0.4-8.el7_3.x86_64.rpm freeradius-mysql-3.0.4-8.el7_3.x86_64.rpm freeradius-perl-3.0.4-8.el7_3.x86_64.rpm freeradius-postgresql-3.0.4-8.el7_3.x86_64.rpm freeradius-python-3.0.4-8.el7_3.x86_64.rpm freeradius-sqlite-3.0.4-8.el7_3.x86_64.rpm freeradius-unixODBC-3.0.4-8.el7_3.x86_64.rpm freeradius-utils-3.0.4-8.el7_3.x86_64.rpm - Scientific Linux Development Team