Tuesday, August 4, 2015 - 10:15
Advisory issued by eduroam.OT 08/04/2014
It has come to our attention that there are vulnerabilities in the relatively new 1.0.1-series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS enabled services via a heartbeat extension.
While there are no indications that this affects TLS-based EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational team has made the decision to upgrade OpenSSL to versions implementing a fix for CVE-2014-0160