Stay Secure with the Latest Linux Advisories

security advisorysoftware updateFedora

Fedora 24: php-pear-CAS Update - Critical Authentication Bypass Fix

**Changes in version 1.3.5** * Security Fixes: * Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin) * Bug Fixes: * Fix file permissions (non-executable) [#177] (Remi Collet) * Fixed translations Greek and Japanese [#192] (ikari7789) * Fix errors under phpdbg [#204] (MasonM) * Fix logout replication error [#213] (Gregory Boddin) *. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-d9d620366e 2017-04-22 03:35:52.572680 --------------------------------------------------------------------------------Name : php-pear-CAS Product : Fedora 24 Version : 1.3.5 Release : 1.fc24 URL : https://apereo.atlassian.net/wiki/spaces/CASC/overview Summary : Central Authentication Service client library in php Description : This package is a PEAR library for using a Central Authentication Service. Autoloader '%{pear_phpdir}/CAS/Autoload.php'; --------------------------------------------------------------------------------Update Information: **Changes in version 1.3.5** * Security Fixes: * Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin) * Bug Fixes: * Fix file permissions (non-executable) [#177] (Remi Collet) * Fixed translations Greek and Japanese [#192] (ikari7789) * Fix errors under phpdbg [#204] (MasonM) * Fix logout replication error [#213] (Gregory Boddin) * Improvement: * Add more debug info to logout code [#95] (Joachim Fritschi) * Allow longer ticket > 32 chars for PGTStorage [#130] (Joachim Fritchi) * Improved verification of supplied CA arguments [#172] (Joachim Fritschi) * Change minimum supported php version to 5.4 in documentation (Joachim Fritschi) * Add message to CAS_Authentication_Exception [#197] (Baldinof) * Ingnore composer related files and directories [#201] (greg0ire) * Add setter for cas client [#206] (greg0ire) * Add callback for attribute parsing [#205] (Gregory Boddin) *Added setter for base url [#208] (LeopardDennis) * Fix documentation of code documentation [#216] (erozqba) * Improved https detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin) * Add language support for simplified chinese [#227] (phy25) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-pear-CAS' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Significant enhancements to php-pear-CAS in Fedora 24 include crucial security updates and various bug corrections aimed at boosting overall stability.. php-pear-CAS, Fedora 24, authentication fix, software update, security patch. . Severity: Critical. LinuxSecurity.com Team

Apr 22, 2017 •Critical Fedora