Package "libapache2-mod-auth-mellon"

Name: libapache2-mod-auth-mellon


SAML 2.0 authentication module for Apache

Latest version: 0.13.1-1ubuntu0.2
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: https://github.com/UNINETT/mod_auth_mellon


Save this URL for the latest version of "libapache2-mod-auth-mellon": https://www.ubuntuupdates.org/libapache2-mod-auth-mellon

Download "libapache2-mod-auth-mellon"

Other versions of "libapache2-mod-auth-mellon" in Bionic

Repository Area Version
base main 0.13.1-1build2
security main 0.13.1-1ubuntu0.2


Version: 0.13.1-1ubuntu0.2 2020-02-24 17:06:42 UTC

  libapache2-mod-auth-mellon (0.13.1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: open redirect issue
    - debian/patches/CVE-2019-13038-1.patch: prevent schemes without
      hostname in auth_mellon_util.c.
    - debian/patches/CVE-2019-13038-2.patch: add error message in
    - CVE-2019-13038

 -- Marc Deslauriers <email address hidden> Fri, 22 Nov 2019 12:44:27 -0500

Source diff to previous version
CVE-2019-13038 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target U

Version: 0.13.1-1ubuntu0.1 2019-03-28 15:06:35 UTC

  libapache2-mod-auth-mellon (0.13.1-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Open redirect in logout
    - debian/patches/CVE-2019-3877.patch: fix in
    - CVE-2019-3877
  * SECURITY UPDATE: Authentication bypass
    - debian/patches/CVE-2019-3878.patch: fix in
    - CVE-2019-3878

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 27 Mar 2019 10:36:21 -0300

CVE-2019-3877 A vulnerability was found in mod_auth_mellon before v0.14.2. An open r ...
CVE-2019-3878 A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let

About   -   Send Feedback to @ubuntu_updates