Explore top 10 tips to secure your open-source projects now. Read More
×The mod_auth_mellon module is an authentication service that implements the
SAML 2.0 federation protocol. It grants access based on the attributes
received in assertions generated by a IdP server.
Update Information:
[CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to incorrect error handling when reading POST data from client. [CVE-2016-2146] Fix DOS attack (Apache worker process crash resource exhaustion) due to missing size checks when reading POST data.
[ 1 ] Bug #1315747 - CVE-2016-2146 mod_auth_mellon: Failure to limit amount of POST data submitted by client
https://bugzilla.redhat.com/show_bug.cgi?id=1315747
[ 2 ] Bug #1315739 - CVE-2016-2145 mod_auth_mellon: Missing error check when calling ap_get_client_block()
https://bugzilla.redhat.com/show_bug.cgi?id=1315739
This update can be installed with the "yum" update program. Use su -c 'yum update mod_auth_mellon' at the command line. For more information, refer to "Managing Software with yum", available at .
Get the latest Linux and open source security news straight to your inbox.