Sicherheit: Zwei Probleme in mod_auth_mellon
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in mod_auth_mellon
ID: FEDORA-2016-5df9d1c883
Distribution: Fedora
Plattformen: Fedora 24
Datum: So, 27. März 2016, 08:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2145
Applikationen: mod_auth_mellon


Name        : mod_auth_mellon
Product : Fedora 24
Version : 0.12.0
Release : 1.fc24
URL : https://github.com/UNINETT/mod_auth_mellon
Summary : A SAML 2.0 authentication module for the Apache Httpd Server
Description :
The mod_auth_mellon module is an authentication service that implements the
SAML 2.0 federation protocol. It grants access based on the attributes
received in assertions generated by a IdP server.

Update Information:

* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client. * [CVE-2016-2146]
Fix DOS attack (Apache worker process crash / resource exhaustion) due to
missing size checks when reading POST data. In addition this release
the following new features and fixes: * Add MellonRedirectDomains option to
limit the sites that mod_auth_mellon can redirect to. This option is enabled
by default. * Add support for ECP service options in PAOS requests. * Fix
AssertionConsumerService lookup for PAOS requests.

This update can be installed with the "yum" update program. Use
su -c 'yum update mod_auth_mellon' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten