--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2018-7150fa5dce
2018-03-29 15:42:14.125031
--------------------------------------------------------------------------------
Name : php-simplesamlphp-saml2
Product : Fedora EPEL 7
Version : 2.3.8
Release : 1.el7
URL :
https://github.com/simplesamlphp/saml2
Summary : SAML2 PHP library from SimpleSAMLphp
Description :
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1],
used by OpenConext [2]. This library started as a collaboration between
UNINETT [3] and SURFnet [4] but everyone is invited to contribute.
Autoloader: /usr/share/php/SAML2/autoload.php
[1]
https://www.simplesamlphp.org/
[2]
https://www.openconext.org/
[3]
https://www.uninett.no/
[4]
https://www.surfnet.nl/
--------------------------------------------------------------------------------
Update Information:
* [SSPSA 201803-01 /
CVE-2018-7711](https://simplesamlphp.org/security/201803-01) * [SSPSA 201802-01
/
CVE-2018-7644](https://simplesamlphp.org/security/201802-01) * [SSPSA
201801-01 /
CVE-2018-6519](https://simplesamlphp.org/security/201801-01)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1553357 - CVE-2018-7711 php-simplesamlphp-saml2: Authentication Bypass in the
signature validation utilities
https://bugzilla.redhat.com/show_bug.cgi?id=1553357
[ 2 ] Bug #1553352 - CVE-2018-7644 php-simplesamlphp-saml2: Signature Validation Bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1553352
[ 3 ] Bug #1542244 - CVE-2018-6519 php-simplesamlphp-saml2: Denial of Service in
xs:DateTime timestamp in SAML2 library
https://bugzilla.redhat.com/show_bug.cgi?id=1542244
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-simplesamlphp-saml2' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/...
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------