ipsilon (SL7)

Synopsis: Important: ipsilon security update
Advisory ID: SLSA-2016:2809-1
Issue Date: 2016-11-21
CVE Numbers: CVE-2016-8638

Security Fix(es):

* A vulnerability was found in ipsilon in the SAML2 provider’s handling of
sessions. An attacker able to hit the logout URL could determine what
service providers other users are logged in to and terminate their
sessions. (CVE-2016-8638)

This issue was discovered by Patrick Uiterwijk (Red Hat) and Howard

– Scientific Linux Development Team