Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 14 Dec 2016 18:18:02 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Scott Reid Subject: Security ERRATA Important: ipsilon on MIME-Version: 1.0 Message-ID: <20161214181802.15409.94686@slpackages.fnal.gov> Synopsis: Important: ipsilon security update Advisory ID: SLSA-2016:2809-1 Issue Date: 2016-11-21 CVE Numbers: CVE-2016-8638 -- Security Fix(es): * A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions. (CVE-2016-8638) This issue was discovered by Patrick Uiterwijk (Red Hat) and Howard Johnson. -- - Scientific Linux Development Team