Fedora alert FEDORA-2010-15970 (php-pear-CAS)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 12 Update: php-pear-CAS-1.1.3-1.fc12 | |
| Date: | Tue, 19 Oct 2010 07:20:54 +0000 | |
| Message-ID: | <20101019072054.F2E4B111705@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-15970 2010-10-08 19:56:17 -------------------------------------------------------------------------------- Name : php-pear-CAS Product : Fedora 12 Version : 1.1.3 Release : 1.fc12 URL : http://www.ja-sig.org/wiki/display/CASC/phpCAS Summary : Central Authentication Service client library in php Description : This package is a PEAR library for using a Central Authentication Service. -------------------------------------------------------------------------------- Update Information: This release contains 3 security fixes for vulnerabilities in the proxy callback mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy() mode. The release is fully compatible with all versions 1.1.x versions. The changes are: Security Issue * CVE-2010-3690 phpCAS: XSS during a proxy callback [PHPCAS-80] (Joachim Fritschi) * CVE-2010-3691 phpCAS: prevent symlink attacks during a proxy callback [PHPCAS-80] (Joachim Fritschi) * CVE-2010-3692 phpCAS: directory traversal during a proxy callback [PHPCAS-80] (Joachim Fritschi) Bug Fixes * fix broken redirection with safari [PHPCAS-79] (Alex Barker) * fix missing exit() call during ticket validation [PHPCAS-76] (Igor Blanco,Joachim Fritschi) * fix a notice because REQUEST_URL is not defined on IIS [PHPCAS-81] (IƱaki Arenaza) * fix a typo in pgt-db.php [PHPCAS-75] (Julien Cochennec) * removal of the non functional pgt-db backend [PHPCAS-81] (Joachim Fritschi) -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php-pear-CAS' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...