DSA-4905-1 shibboleth-sp -- shibboleth-spID: oval:org.secpod.oval:def:71643 | Date: (C)2021-05-07 (M)2021-05-05 |
Class: PATCH | Family: unix |
It was discovered that the Shibboleth Service Provider is prone to a NULL pointer dereference flaw in the cookie-based session recovery feature. A remote, unauthenticated attacker can take advantage of this flaw to cause a denial of service . For additional information please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20210426.txt