inc-ops-notifications - [InCommon NOTICE] Fwd: Security issue in SimpleSAMLphp
Subject: InCommon Operations Notifications
List archive
- From: Nick Roy <>
- To: "" <>, "" <>
- Subject: [InCommon NOTICE] Fwd: Security issue in SimpleSAMLphp
- Date: Mon, 4 Nov 2019 21:17:35 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Mvx5sutWBlaiD7X8I82MJz7YddUoLvetd1AFEWnCsZ4=; b=jHexaz4qgMCGLsWc1NAf+AOO0vvStYVv2KqpyCGjw/TaX5sUOXemPZsMT3fxCQ/guL1gV3Ldbsxch+978qXi4TRLhpspeqLbPkf8AXbcAIQKkdnvdtrwdLofFswkyq5kevwSXkMPZi20Vk5fg4jCWRUwX8LiUSWmFNeeiqmLDgrEP1hXUxQXaSNS6NloE3iP22lJQJ6ugJgRpx2cMrcD7rdUNKdnfVZTRUCfYvpuycjCoCYMd5on9D6nCZJ8esDw8zPoK74yMptZVhJLa85PzFUsLGAYRXZW/F3GL7yWHWXs0aEEyL3Up9/hKcJC0mUdwUL4XpYCKmh7STVtfovtwQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iZeltHx89i53CFZ4Wy1jurBc9Gqgz+mUYuPXtpxLf8RRVZg/Exz1CuHQ5nJX1AxRe50455QC7CYrtNKQXWzopUwRfpgIpPn9VP9/S3JIrzCeJamxonT7rM5QXcIspDUwJpkCZcRyG9dRbVeLKK+FfHAPlRXEOpU3fAYXCZrTlaVKjbHa75wvzcU5njAUytfy7mO05WNjlcKc19rwe7nYlk4pbhyAXFXMMKm6efBnZdAVL/rMZIrJWAhmj5XPwq8kfjTkE99iXoedOYAqNsyboDheCpmtrZGQKUUl20ByPAt2eGO+BaWWBxsP22Arl2W+P7oFmMpmTWbvSQ42A7GsDw==
Hi all,
If you are running SimpleSAMLphp, please be prepared to run updates on
Wednesday.
Best Regards,
Nick Roy
Director of Technology and Strategy
InCommon
Forwarded message:
> From: 'Jaime Pérez Crespo' via SimpleSAMLphp Announce
> <>
> To:
> Subject: Security issue in SimpleSAMLphp
> Date: Mon, 4 Nov 2019 10:35:50 +0000
>
> Hi all,
>
> We have been made aware of a security issue affecting all SimpleSAMLphp
> instances deployed as a service provider (basically, using SimpleSAMLphp to
> protect access to your application). This issue has been deemed critical,
> and will therefore need an urgent update. We will be releasing
> SimpleSAMLphp 1.17.7 during next Wednesday the 6th of November, at a time
> yet to be determined. We urge all SimpleSAMLphp users to make sure they are
> running the current stable version, so that upgrading to the new release
> doesn’t have any side effects, and to be prepared to upgrade their
> deployments as soon as the new stable release is published.
>
> The details of the issue are embargoed for the time being, but will be made
> public after the bugfix release has been published. CVE 2019-3465 has been
> assigned to this issue.
>
> --
> Jaime Pérez
> Uninett / Feide
>
> PGP: 9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2
> https://keybase.io/jaimeperez
>
> "Two roads diverged in a wood, and I, I took the one less traveled by, and
> that has made all the difference."
> - Robert Frost
>
> --
> You received this message because you are subscribed to the Google Groups
> "SimpleSAMLphp Announce" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/simplesamlphp-announce/CF5C6559-AB6B-4BF0-856F-12575251A141%40uninett.no.
Attachment:
signature.asc
Description: OpenPGP digital signature
- [InCommon NOTICE] Fwd: Security issue in SimpleSAMLphp, Nick Roy, 11/04/2019
Archive powered by MHonArc 2.6.19.