Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux: SLSA-2016:2809-1 Important: ipsilon Session Vulnerability

Calendar Dec 14, 2016 User Avatar LinuxSecurity Advisories
1 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory important update Scientific Linux SAML2 provider session termination
Important: ipsilon security update 
Date: Wed, 14 Dec 2016 18:18:02 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Important: ipsilon on
MIME-Version: 1.0
Message-ID: <20161214181802.15409.94686@slpackages.fnal.gov>

Synopsis: Important: ipsilon security update
Advisory ID: SLSA-2016:2809-1
Issue Date: 2016-11-21
CVE Numbers: CVE-2016-8638
--

Security Fix(es):

* A vulnerability was found in ipsilon in the SAML2 provider's handling of
sessions. An attacker able to hit the logout URL could determine what
service providers other users are logged in to and terminate their
sessions. (CVE-2016-8638)

This issue was discovered by Patrick Uiterwijk (Red Hat) and Howard
Johnson.
--

- Scientific Linux Development Team

Related News

Your message here