Oval Definition:oval:com.redhat.rhsa:def:20141803
Revision Date:2014-11-05Version:640
Title:RHSA-2014:1803: mod_auth_mellon security update (Important)
Description:mod_auth_mellon provides a SAML 2.0 authentication module for the Apache HTTP Server.

  • An information disclosure flaw was found in mod_auth_mellon's session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user's session. (CVE-2014-8566)

  • It was found that uninitialized data could be read when processing a user's logout request. By attempting to log out, a user could possibly cause the Apache HTTP Server to crash. (CVE-2014-8567)

    Red Hat would like to thank the mod_auth_mellon team for reporting these issues. Upstream acknowledges Matthew Slowe as the original reporter of CVE-2014-8566.

    All users of mod_auth_mellon are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2014-8566
    CVE-2014-8567
    RHSA-2014:1803
    RHSA-2014:1803-00
    RHSA-2014:1803-02
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND mod_auth_mellon is earlier than 0:0.8.0-3.el6_6
  • AND mod_auth_mellon is signed with Red Hat redhatrelease2 key
  • BACK