simpleSAMLphp-1.8.2 security update is available

Olav Morken

Jan 10, 2012, 8:59:21 AM
to simplesamlp...@googlegroups.com, simple...@googlegroups.com
This is a security fix for a couple of user-assisted cross site
scripting vulnerabilities in simpleSAMLphp.

By tricking the user into accessing a page with a specially crafted URL,
and then having the user click on a link on that page, it is possible
to execute JavaScript in the context of that user at that site.

Thanks to Google Code user timtai1 for alerting us to this problem:

http://code.google.com/p/simplesamlphp/issues/detail?id=468


Version 1.8.2 can be downloaded from:

http://simplesamlphp.googlecode.com/files/simplesamlphp-1.8.2.tar.gz

SHA1SUM:

58c524c3e16f958b774a1d890de85b8eef5917dd simplesamlphp-1.8.2.tar.gz


Older releases:

We have only released an update for version 1.8. If there is interest,
we can also create updates / patches for older releases. Please let us
know if you are interested in this.

(The changes to fix this are also relatively self-contained and easy to
backport. See the changes in r3008 and r3009.)


Best regards,
Olav Morken
UNINETT / Feide
