| Errata ID | 195 |
|---|---|
| Date | 2019-07-24 |
| Source package | simplesamlphp |
| Fixed in version | 1.16.3-1A~4.4.0.201907162025 |
| Description | This update addresses the following issues: * SimpleSAMLphp has been updated to version 1.16.3. * HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value. (CVE-2018-7711) * SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. (CVE-2018-6520) * The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. (CVE-2017-12872) * SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. (CVE-2017-12870) * The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). (CVE-2017-12871) |
| Additional notes | |
| CVE ID | CVE-2017-12871 CVE-2017-12870 CVE-2018-7711 CVE-2018-6520 CVE-2017-12872 |
| UCS Bug number | #48961 |
