Security upgrade simplesamlphp to 1.17.7

Bug #1851418 reported by Robert Lyon on 2019-11-05
264
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mahara
Status tracked in 20.04
18.10
High
Unassigned
19.04
High
Unassigned
19.10
High
Unassigned
20.04
High
Unassigned

Bug Description

From the folks at simplesamlphp:

"We have been made aware of a security issue affecting all SimpleSAMLphp
instances deployed as a service provider (basically, using SimpleSAMLphp
to protect access to your application). This issue has been deemed
critical, and will therefore need an urgent update. We will be releasing
SimpleSAMLphp 1.17.7 during next Wednesday the 6th of November, at a
time yet to be determined. We urge all SimpleSAMLphp users to make sure
they are running the current stable version, so that upgrading to the
new release doesn’t have any side effects, and to be prepared to upgrade
their deployments as soon as the new stable release is published.

The details of the issue are embargoed for the time being, but will be
made public after the bugfix release has been published. CVE 2019-3465
has been assigned to this issue."

Our sites are currently on 1.17.6 so the upgrade should be fairly painless

CVE References

information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers