Package: radsecproxy
Vulnerability: SSL certificate verification weakness
Problem type: remote
Debian-specific: no
CVE ID: CVE-2012-4523, CVE-2012-4566

Description:

- Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. Under certain configurations this vulnerability may cause clients to be accepted without their certificate chain being checked.

- Raphael Geissert spotted that the fix for CVE-2012-4523 was incomplete, giving rise to CVE-2012-4566.

Fixed versions:

- For the stable distribution (squeeze): version 1.4-1+squeeze1
- For the testing distribution (wheezy): version 1.6.2-1
- For the unstable distribution (sid): version 1.6.2-1

Notice: This fix may make Radsecproxy reject some clients that are currently (erroneously) being accepted.