There is a new release of the freeradius 3 packages with fix for CVE-2017-9148 (not published yet) vulnerability. Reproducible: Always Steps to Reproduce: 1. freeradius < 3.0.14 is vulnerable against CVE-2017-9148 2. 3. Actual Results: This vulnerability can be used by attacker to gain access to the network.
Thanks for the report. Looks like ago missed that bug. We will use bug 620186 to track this vulnerability now (has already set alias...). *** This bug has been marked as a duplicate of bug 620186 ***