
Security: Multiple issues in mod_auth_mellon
Name: Multiple issues in mod_auth_mellon
ID: USN-4597-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS
Date: Thu, 22 October 2020, 19:43
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878
Applications: mod_auth_mellon

Original message



==========================================================================
Ubuntu Security Notice USN-4597-1
October 22, 2020

libapache2-mod-auth-mellon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in mod_auth_mellon.

Software Description:
- libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache

Details:

François Kooman discovered that mod_auth_mellon incorrectly handled
cookies. An attacker could possibly use this issue to cause a Cross-Site
Session Transfer attack. (CVE-2017-6807)

It was discovered that mod_auth_mellon incorrectly handled certain requests.
An attacker could possibly use this issue to redirect a user to a malicious
URL. (CVE-2019-3877)

It was discovered that mod_auth_mellon incorrectly handled certain requests.
An attacker could possibly use this issue to access sensitive information.
(CVE-2019-3878)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libapache2-mod-auth-mellon 0.12.0-2+deb9u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4597-1
CVE-2017-6807, CVE-2019-3877, CVE-2019-3878

Package Information:
https://launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/0.12.0-2+deb9u1build0.16.04.1
