mod_auth_mellon security update

🗓️ 05 Nov 2014 12:06:15Reported by CentOS ProjectType

centos

centos🔗 lists.centos.org👁 60 Views

mod_auth_mellon update for SAML 2.0 authentication module security flaw

Reporter	Title	Published	Views	Family All 30
Tenable Nessus	CentOS 6 : mod_auth_mellon (CESA-2014:1803)	6 Nov 201400:00	–	nessus
Tenable Nessus	Oracle Linux 6 : mod_auth_mellon (ELSA-2014-1803)	6 Nov 201400:00	–	nessus
Tenable Nessus	RHEL 6 : mod_auth_mellon (RHSA-2014:1803)	6 Nov 201400:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : mod_auth_mellon on SL6.x i386/x86_64 (20141105)	10 Nov 201400:00	–	nessus
CVE	CVE-2014-8566	15 Nov 201421:00	–	cve
CVE	CVE-2014-8567	14 Nov 201415:00	–	cve
Cvelist	CVE-2014-8566	15 Nov 201421:00	–	cvelist
Cvelist	CVE-2014-8567	14 Nov 201415:00	–	cvelist
Debian CVE	CVE-2014-8566	15 Nov 201421:00	–	debiancve
Debian CVE	CVE-2014-8567	14 Nov 201415:00	–	debiancve

OS	OS Version	Architecture	Package	Package Version	Filename
CentOS	6	i686	mod_auth_mellon	0.8.0-3.el6_6	mod_auth_mellon-0.8.0-3.el6_6.i686.rpm
CentOS	6	x86_64	mod_auth_mellon	0.8.0-3.el6_6	mod_auth_mellon-0.8.0-3.el6_6.x86_64.rpm

Source	Link
twitter	www.twitter.com/centos
steadfast	www.steadfast.net/
rhn	www.rhn.redhat.com/errata/RHSA-2014-1803.html
linkedin	www.linkedin.com/groups/22405
youtube	www.youtube.com/TheCentOSProject
facebook	www.facebook.com/groups/centosproject/
reddit	www.reddit.com/r/CentOS/

05 Nov 2014 12:06Current

5.8Medium risk

Vulners AI Score5.8

CVSS 29.4

EPSS0.03599

mod_auth_mellon saml 2.0 authentication security flaws update apache http server session handling information disclosure memory remote attacker data logout request apache crash patch upgrade package