SCIENTIFIC-LINUX-ERRATA Archives

December 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Content-Type:
text/plain; charset="utf-8"
Date:
Wed, 14 Dec 2016 18:18:02 -0000
Reply-To:
[log in to unmask]
Subject:
Security ERRATA Important: ipsilon on
MIME-Version:
1.0
Message-ID:
<[log in to unmask]>
Content-Transfer-Encoding:
7bit
Sender:
Security Errata for Scientific Linux <[log in to unmask]>
From:
Scott Reid <[log in to unmask]>
Parts/Attachments:
text/plain (19 lines) 
Synopsis:          Important: ipsilon security update
Advisory ID:       SLSA-2016:2809-1
Issue Date:        2016-11-21
CVE Numbers:       CVE-2016-8638
--

Security Fix(es):

* A vulnerability was found in ipsilon in the SAML2 provider's handling of
sessions. An attacker able to hit the logout URL could determine what
service providers other users are logged in to and terminate their
sessions. (CVE-2016-8638)

This issue was discovered by Patrick Uiterwijk (Red Hat) and Howard
Johnson.
--

- Scientific Linux Development Team

ATOM RSS1 RSS2