-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Description
===========
A vulnerability in Ipsilon was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users.

Affected versions
=================
All versions of Ipsilon 2.0 before 2.0.2 are vulnerable.
All versions of Ipsilon 1.2 before 1.2.1 are vulnerable.
All versions of Ipsilon 1.1 before 1.1.2 are vulnerable.
All versions of Ipsilon 1.0 before 1.0.3 are vulnerable.

Patched versions
================
Ipsilon versions 2.0.2, 1.2.1, 1.1.2 and 1.0.3 are available per direct, and all include patches to solve this problem.

Credit
======
This issue was reported by Patrick Uiterwijk of Red Hat and Howard Johnson.

Link
====
This advisory is available on
https://ipsilon-project.org/advisory/CVE-2016-8638.txt
The version on the website might be updated as more information becomes available.

Hi Patrick,
Are there any plans to release 2.0.2 rpm? On your copr site there is only 2.0.0-2 in master for epel.
Josh.
On 11/21/2016 06:06 AM, Patrick Uiterwijk wrote:
Patched versions
Ipsilon versions 2.0.2, 1.2.1, 1.1.2 and 1.0.3 are available per direct, and all include patches to solve this problem.
Credit
This issue was reported by Patrick Uiterwijk of Red Hat and Howard Johnson.
ipsilon@lists.fedorahosted.org