Debian: DSA-4414-1: libapache2-mod-auth-mellon security update
Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877
Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877
This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server.
**Version 2.7.2** (2019-03-12) * added TemplateWrapper::getTemplateName() —- **Version 2.7.1** (2019-03-12) * fixed class aliases —- **Version 2.7.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array keys when fill
**Version 1.38.2** (2019-03-12) * added TemplateWrapper::getTemplateName() —- **Version 1.38.1** (2019-03-12) * fixed class aliases —- **Version 1.38.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array
Backport a security fix from PuTTY 0.71 affecting SFTP connections: Fix an integer overflow in the RSA key exchange preceeding host key verification
59 queries. 8.75 mb Memory usage. 1.261 seconds.