Debian: Security Advisory (DLA-1298-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1298-1 : simplesamlphp security update

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2016-9814 & CVE-2016-9955 An incorrect check of return values in the signature validation utilities allowed an attacker to get invalid signatures accepted as valid i...

[SECURITY] [DLA 1297-1] simplesamlphp security update

Package : simplesamlphp Version : 1.9.2-1+deb7u3 CVE ID : CVE-2016-9814 CVE-2016-9955 Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2016-9814 & CVE-2016-9955 An incorrect check of return values in the signature...

CVE-2016-9814

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...

CVE-2016-9814

Summary: CVE-2016-9814 affects SimpleSAMLphp and the simplesamlphp/saml2 library. The vulnerability stems from an improper conversion of return values to boolean in the validateSignature method of SAML2\Utils, enabling remote attackers to spoof SAML responses or cause a memory-related Denial of S...