Fedora 24 Update: mod_auth_mellon-0.12.0-1.fc24

updates at fedoraproject.org
Sun Mar 27 00:30:49 UTC 2016


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-5df9d1c883
2016-03-27 00:00:51.391744
--------------------------------------------------------------------------------

Name        : mod_auth_mellon
Product     : Fedora 24
Version     : 0.12.0
Release     : 1.fc24
URL         : https://github.com/UNINETT/mod_auth_mellon
Summary     : A SAML 2.0 authentication module for the Apache Httpd Server
Description :
The mod_auth_mellon module is an authentication service that implements the
SAML 2.0 federation protocol. It grants access based on the attributes
received in assertions generated by an IdP server.

--------------------------------------------------------------------------------
Update Information:

* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
  incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
  resource exhaustion) due to missing size checks when reading
  POST data.

In addition this release contains the following new features and fixes:

* Add MellonRedirectDomains option to limit the sites that
  mod_auth_mellon can redirect to. This option is enabled by default.
* Add support for ECP service options in PAOS requests.
* Fix AssertionConsumerService lookup for PAOS requests.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update mod_auth_mellon' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

