
#1551 OFFLINE   sunrat

Posted Today, 12:51 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4414-1                   security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst
March 23, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libapache2-mod-auth-mellon
CVE ID         : CVE-2019-3877 CVE-2019-3878
Debian Bug     : 925197

Several issues have been discovered in Apache module auth_mellon, which
provides SAML 2.0 authentication.


    It was possible to bypass the redirect URL checking on logout, so
    the module could be used as an open redirect facility.


    When mod_auth_mellon is used in an Apache configuration which
    serves as a remote proxy with the http_proxy module, it was
    possible to bypass authentication by sending SAML ECP headers.

For the stable distribution (stretch), these problems have been fixed in
version 0.12.0-2+deb9u1.