[SECURITY] Fedora 27 Update: php-simplesamlphp-saml2_3-3.1.4-3.fc27

A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp 1, used by OpenConext 2. This library started as a collaboration between UNINETT 3 and SURFnet 4 but everyone is invited to contribute. Autoloader: /usr/share/php/SAML23/autoload.php 1 https://www.simplesamlphp.org/ 2...

[SECURITY] Fedora 27 Update: php-simplesamlphp-saml2-2.3.8-1.fc27

A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp 1, used by OpenConext 2. This library started as a collaboration between UNINETT 3 and SURFnet 4 but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php 1 https://www.simplesamlphp.org/ 2...

[SECURITY] Fedora 27 Update: php-simplesamlphp-saml2_1-1.10.6-1.fc27

A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp 1, used by OpenConext 2. This library started as a collaboration between UNINETT 3 and SURFnet 4 but everyone is invited to contribute. Autoloader: /usr/share/php/SAML21/autoload.php 1 https://www.simplesamlphp.org/ 2...

[SECURITY] Fedora 26 Update: php-simplesamlphp-saml2_3-3.1.4-1.fc26

A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp 1, used by OpenConext 2. This library started as a collaboration between UNINETT 3 and SURFnet 4 but everyone is invited to contribute. Autoloader: /usr/share/php/SAML23/autoload.php 1 https://www.simplesamlphp.org/ 2...

[SECURITY] Fedora 26 Update: php-simplesamlphp-saml2-2.3.8-1.fc26

A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp 1, used by OpenConext 2. This library started as a collaboration between UNINETT 3 and SURFnet 4 but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php 1 https://www.simplesamlphp.org/ 2...

[SECURITY] Fedora 26 Update: php-simplesamlphp-saml2_1-1.10.6-1.fc26

A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp 1, used by OpenConext 2. This library started as a collaboration between UNINETT 3 and SURFnet 4 but everyone is invited to contribute. Autoloader: /usr/share/php/SAML21/autoload.php 1 https://www.simplesamlphp.org/ 2...

[SECURITY] [DLA 1314-1] simplesamlphp security update

Package : simplesamlphp Version : 1.9.2-1+deb7u4 CVE ID : CVE-2018-7711 Cure53 discovered that in SimpleSAMLphp, in rare circumstances an invalid signature on the SAML 2.0 HTTP Redirect binding could be considered valid. Additionally this update fixes a regression introduced in DLA-1298 by the...

DLA-1314-1 simplesamlphp - security update

Bulletin has no description...

SimpleSAMLphp Incorrect Signature Validation Vulnerability

SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 Service Provider and Identity Provider functionality. the SAML2 library is one of the Security Assertion Markup Language libraries . A security vulnerability exists in the HTTPRedirect.php file of the SAML2...

SimpleSAMLphp Key Obfuscation Vulnerability

SimpleSAMLphp is a suite of PHP authentication applications that implement the SAML 2.0 service provider and identity provider functionality. the SAML2 library is one of the Security Assertion Markup Language SAML libraries. the XmlSecLibs library is one of the XML security libraries . A security...

Debian DLA-1298-1 : simplesamlphp security update

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2016-9814 & CVE-2016-9955 An incorrect check of return values in the signature validation utilities allowed an attacker to get invalid signatures accepted as valid i...

Input validation

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

DEBIAN-CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

CVE-2018-7711

CVE-2018-7711 affects the SimpleSAMLphp saml2 library, specifically HTTPRedirect.php in versions prior to 1.15.4. The root cause is an incorrect check of return values in the signature validation utilities, caused by a dependency on PHP behavior that interprets a -1 error code as true. This lets ...

CVE-2018-7644

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...