DSA-4905-1 shibboleth-sp -- shibboleth-spID: oval:org.secpod.oval:def:71607 | Date: (C)2021-05-03 (M)2021-05-05 |
Class: PATCH | Family: unix |
It was discovered that the Shibboleth Service Provider is prone to a NULL pointer dereference flaw in the cookie-based session recovery feature. A remote, unauthenticated attacker can take advantage of this flaw to cause a denial of service . For additional information please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20210426.txt
Product: |
libshibsp-doc |
shibboleth-sp2-common |
shibboleth-sp2-utils |
libapache2-mod-shib |
libshibsp-plugins |
libshibsp-dev |
shibboleth-sp-common |
libshibsp8 |
shibboleth-sp-utils |