Debian Security Advisory DSA-4414-1 libapache2-mod-auth-mellon security update

Package        : libapache2-mod-auth-mellon
CVE ID         : CVE-2019-3877 CVE-2019-3878
Debian Bug     : 925197

Several issues have been discovered in auth_mellon, the Apache module that provides SAML 2.0 authentication (packaged as libapache2-mod-auth-mellon).

CVE-2019-3877
    The check on the redirect URL used at logout could be bypassed, so the module could be used as an open redirect facility: a crafted logout link can send the user to an attacker-chosen site once the session has ended.
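The advisory does not say how the logout check was bypassed, and the example below makes no claim about the CVE-2019-3877 vector. It is an added example, not code from mod_auth_mellon or from the advisory, showing what a strict validator for a ReturnTo-style logout parameter looks like: an exact allow-list on the whole authority rather than a prefix or substring test. ALLOWED_HOSTS and the inputs exercised are constructed; the rejected inputs are generic open-redirect tricks (scheme-relative, backslash, userinfo, header injection, look-alike hosts).

```python
from urllib.parse import urlsplit

# Hosts a post-logout redirect may target. Constructed for this example: in a
# deployment this is the SP's own host name(s), including any explicit port.
ALLOWED_HOSTS = {"sp.example.com", "sp.example.com:443"}


def is_safe_return_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Accept `url` only if it is an absolute path on this site or an http(s)
    URL whose authority is in the allow-list.

    Rejects the usual open-redirect tricks: scheme-relative //host, backslash
    variants that browsers normalise to //host, userinfo (trusted@evil),
    embedded whitespace or control characters (header injection), non-http
    schemes such as javascript: or data:, and look-alike or differently-ported
    hosts that merely start with the trusted name.
    """
    if not url or len(url) > 2048:
        return False
    # Whitespace or control characters never belong in a redirect target.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    # Browsers treat "\" like "/", so "/\evil" reaches evil as //evil.
    if "\\" in url:
        return False
    parts = urlsplit(url)
    if parts.scheme == "" and parts.netloc == "":
        # Relative URL: only a plain absolute path on this site is allowed;
        # "//host" has a netloc and therefore never reaches this branch.
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False
    # urlsplit leaves userinfo in netloc ("sp.example.com@evil"): refuse it.
    if "@" in parts.netloc:
        return False
    # Exact match on the whole authority, so port and suffix tricks fail.
    return parts.netloc.lower() in allowed_hosts


def logout_target(return_to, fallback="/"):
    """What a logout handler should do with a ReturnTo-style parameter:
    use it only if it validates, otherwise fall back to a fixed local page."""
    return return_to if is_safe_return_url(return_to) else fallback


if __name__ == "__main__":
    for candidate in ("/logout/done", "//evil.example/",
                      "https://sp.example.com@evil.example/",
                      "https://sp.example.com.evil.example/"):
        print(candidate, "->", logout_target(candidate))
```

The design point is that the validator never tries to "clean" a bad value; anything that is not exactly a local path or an allow-listed authority falls back to a fixed page, which is the behaviour an SP's logout endpoint needs so that it cannot be turned into a redirect facility.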

CVE-2019-3878
    When mod_auth_mellon is used in an Apache configuration that acts as a remote (reverse) proxy with the http_proxy module (mod_proxy_http), authentication could be bypassed by sending SAML ECP headers, so requests could reach the proxied backend without authenticating.
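The advisory names "SAML ECP headers" without spelling them out. In the SAML 2.0 ECP profile an ECP-capable client announces itself with an Accept header offering application/vnd.paos+xml together with a PAOS header carrying the PAOS version and the ECP service URN; that is what the module looks for. The following is an added detection example, not code from mod_auth_mellon or from the advisory: it parses raw HTTP request heads and flags ECP-signalled requests aimed at hosts that never serve ECP clients. On a site that does not use ECP at all, any such request is a probe worth logging. ECP_ENABLED_HOSTS and the sample requests are constructed; the only fix for the bypass itself is the package upgrade.

```python
# Header values defined by the SAML 2.0 ECP profile for an ECP-capable client.
ECP_SERVICE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
PAOS_VERSION = "urn:liberty:paos:2003-08"

# Assumption for this example: only this virtual host deliberately serves ECP.
ECP_ENABLED_HOSTS = {"ecp.example.com"}


def parse_request_head(raw):
    """Split an HTTP/1.x request head into (method, target, headers).

    Header names are lower-cased; repeated fields are joined with ', ' as
    RFC 7230 allows, so an Accept value split across two lines still matches.
    """
    lines = raw.split("\r\n")
    start = lines[0].split(" ", 2)
    method = start[0]
    target = start[1] if len(start) > 1 else ""
    headers = {}
    for line in lines[1:]:
        if not line:            # blank line ends the head
            break
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return method, target, headers


def is_ecp_request(headers):
    """True when both ECP signals the profile requires are present."""
    accept = headers.get("accept", "").lower()
    paos = headers.get("paos", "")
    return ("application/vnd.paos+xml" in accept
            and PAOS_VERSION in paos
            and ECP_SERVICE in paos)


def flag_unexpected_ecp(raw_requests, ecp_hosts=ECP_ENABLED_HOSTS):
    """Return (host, method, target) for every ECP-signalled request aimed at
    a host that is not expected to serve ECP clients."""
    hits = []
    for raw in raw_requests:
        method, target, headers = parse_request_head(raw)
        host = headers.get("host", "").lower()
        if is_ecp_request(headers) and host not in ecp_hosts:
            hits.append((host, method, target))
    return hits


# Constructed sample traffic: a normal browser request, an ECP-signalled
# request to a host that does not use ECP, and a legitimate ECP request.
SAMPLE_REQUESTS = [
    "GET /app/ HTTP/1.1\r\nHost: sp.example.com\r\nAccept: text/html\r\n\r\n",
    "GET /app/ HTTP/1.1\r\nHost: sp.example.com\r\n"
    "Accept: text/html\r\nAccept: application/vnd.paos+xml\r\n"
    'PAOS: ver="urn:liberty:paos:2003-08";'
    '"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"\r\n\r\n',
    "GET /app/ HTTP/1.1\r\nHost: ecp.example.com\r\n"
    "Accept: application/vnd.paos+xml\r\n"
    'PAOS: ver="urn:liberty:paos:2003-08";'
    '"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"\r\n\r\n',
]

if __name__ == "__main__":
    for hit in flag_unexpected_ecp(SAMPLE_REQUESTS):
        print("unexpected ECP request:", hit)
```

Apache does not log these headers in the default combined format; to feed this from access logs you would add %{Accept}i and %{PAOS}i to a LogFormat, or run the check in front of the proxy. Where ECP is genuinely in use the heuristic says nothing about exploitation, and the version check against 0.12.0-2+deb9u1 is the test that matters.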

These problems have been fixed in version 0.12.0-2+deb9u1 (the Debian 9 "stretch" stable update, as the +deb9u1 suffix shows); upgrade your libapache2-mod-auth-mellon packages.
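Whether a host is affected comes down to comparing the installed package version against 0.12.0-2+deb9u1 under Debian's version ordering (epoch, then upstream version, then Debian revision, with "~" sorting before everything and digit runs compared numerically). On a Debian host, dpkg-query -W -f='${Version}\n' libapache2-mod-auth-mellon and dpkg --compare-versions give the authoritative answer; the added example below, which is not code from the advisory or from dpkg, reimplements that ordering in Python so the same check can be run offline over an inventory export. The version strings in the usage block are constructed; the comparison is only meaningful against the fixed version for the same suite, so consult the security tracker for other suites.

```python
DIGITS = "0123456789"
FIXED_VERSION = "0.12.0-2+deb9u1"   # from DSA-4414-1 (stretch)


def _order(c):
    """dpkg's weight for characters in a non-digit run: '~' sorts before
    everything (even the end of the string, weight 0), letters sort by code
    point, every other character sorts after all letters."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_nondigit(a, b):
    for i in range(max(len(a), len(b))):
        wa = _order(a[i]) if i < len(a) else 0
        wb = _order(b[i]) if i < len(b) else 0
        if wa != wb:
            return -1 if wa < wb else 1
    return 0


def _split_runs(s):
    """Yield (non-digit run, digit run) pairs, starting with a possibly empty
    non-digit run, the way dpkg's verrevcmp walks a version fragment."""
    i = 0
    while i < len(s):
        j = i
        while j < len(s) and s[j] not in DIGITS:
            j += 1
        k = j
        while k < len(s) and s[k] in DIGITS:
            k += 1
        yield s[i:j], s[j:k]
        i = k


def _cmp_fragment(a, b):
    ra, rb = list(_split_runs(a)), list(_split_runs(b))
    for i in range(max(len(ra), len(rb))):
        na, da = ra[i] if i < len(ra) else ("", "")
        nb, db = rb[i] if i < len(rb) else ("", "")
        r = _cmp_nondigit(na, nb)
        if r:
            return r
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def parse_version(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision).
    Only the last '-' separates the Debian revision."""
    epoch, sep, rest = v.partition(":")
    if sep:
        epoch = int(epoch)
    else:
        epoch, rest = 0, v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """-1, 0 or 1 as dpkg --compare-versions would order a against b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True if the installed version sorts below the fixed version."""
    return compare_versions(installed, fixed) < 0


if __name__ == "__main__":
    # Constructed inventory: host name -> installed package version.
    inventory = {"web1": "0.12.0-2", "web2": "0.12.0-2+deb9u1", "web3": "0.12.0~rc1-1"}
    for host, version in inventory.items():
        print(host, version, "VULNERABLE" if is_vulnerable(version) else "fixed")
```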

For the detailed security status of libapache2-mod-auth-mellon please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libapache2-mod-auth-mellon

