Fedora 24 Update: mod_auth_mellon-0.12.0-1.fc24
updates at fedoraproject.org
Sun Mar 27 00:30:49 UTC 2016
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-5df9d1c883
2016-03-27 00:00:51.391744
--------------------------------------------------------------------------------
Name : mod_auth_mellon
Product : Fedora 24
Version : 0.12.0
Release : 1.fc24
URL : https://github.com/UNINETT/mod_auth_mellon
Summary : A SAML 2.0 authentication module for the Apache Httpd Server
Description :
The mod_auth_mellon module is an authentication service that implements the
SAML 2.0 federation protocol. It grants access based on the attributes
received in assertions generated by an IdP server.
--------------------------------------------------------------------------------
Update Information:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
  incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash / resource
  exhaustion) due to missing size checks when reading POST data.

In addition this release contains the following new features and fixes:

* Add MellonRedirectDomains option to limit the sites that mod_auth_mellon
  can redirect to. This option is enabled by default.
* Add support for ECP service options in PAOS requests.
* Fix AssertionConsumerService lookup for PAOS requests.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update mod_auth_mellon' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------