Security: Multiple issues in mod_auth_mellon
Name: Multiple issues in mod_auth_mellon
ID: USN-4597-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS
Date: Thu, 22 October 2020, 19:43
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878
Applications: mod_auth_mellon

Original message
==========================================================================
Ubuntu Security Notice USN-4597-1
October 22, 2020

libapache2-mod-auth-mellon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in mod_auth_mellon.
Software Description:
- libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache
Details:
François Kooman discovered that mod_auth_mellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. (CVE-2017-6807)
It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. (CVE-2019-3877)
It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2019-3878)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
  libapache2-mod-auth-mellon 0.12.0-2+deb9u1build0.16.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4597-1
CVE-2017-6807, CVE-2019-3877, CVE-2019-3878

Package Information:
https://launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/0.12.0-2+deb9u1build0.16.04.1