LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

December 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA December 2016

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: ipsilon on
From:	Scott Reid <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 14 Dec 2016 18:18:02 -0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (19 lines)

Synopsis:          Important: ipsilon security update
Advisory ID:       SLSA-2016:2809-1
Issue Date:        2016-11-21
CVE Numbers:       CVE-2016-8638
--

Security Fix(es):

* A vulnerability was found in ipsilon in the SAML2 provider's handling of
sessions. An attacker able to hit the logout URL could determine what
service providers other users are logged in to and terminate their
sessions. (CVE-2016-8638)

This issue was discovered by Patrick Uiterwijk (Red Hat) and Howard
Johnson.
--

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV