Bug 1553357 (CVE-2018-7711)

Summary: CVE-2018-7711 php-simplesamlphp-saml2: Authentication Bypass in the signature validation utilities
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: psampaio, shawn
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: simplesamlphp-saml2 3.1.4, simplesamlphp-saml2 2.3.8, simplesamlphp-saml2 1.10.6
Doc Type: If docs needed, set a value
Last Closed: 2018-04-23 13:20:29 UTC
Bug Depends On: 1553358, 1553359

Description Pedro Sampaio 2018-03-08 18:09:58 UTC
Affected versions of this package are vulnerable to Authentication Bypass. An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.

Upstream patch:

https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d

References:

https://snyk.io/vuln/SNYK-PHP-SIMPLESAMLPHPSAML2-72102
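The bug class named in the description, as an added illustration that is not the saml2 project's code or its patch: openssl_verify() reports 1 (valid), 0 (invalid) or -1/false (error), and a check that only rejects 0 lets the error value through. It assumes PHP 8 with ext-openssl; the function names and the signed payload are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the saml2 project. It shows the bug class in
// the description: openssl_verify() returns 1 (valid), 0 (invalid) and -1 or
// false on error, so a check that only rejects 0 accepts an error result.

/** Weak check: rejects only an explicit 0, so -1 (error) counts as valid. */
function signatureAcceptedWeak(int|false $result): bool
{
    return $result != 0;
}

/** Hardened check: accept the single value that means "verified", fail closed otherwise. */
function signatureAcceptedStrict(int|false $result): bool
{
    return $result === 1;
}

/** Verify $data against $signature with a PEM public key (assumes PHP 8, ext-openssl). */
function verifyPem(string $data, string $signature, string $pem): bool
{
    $key = openssl_pkey_get_public($pem);
    if ($key === false) {
        return false;   // an unparseable key is a failure, never "valid"
    }
    $result = openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA256);
    return signatureAcceptedStrict($result);
}

// Constructed inputs: a throwaway RSA key pair and a message signed with it.
$priv = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pem  = openssl_pkey_get_details($priv)['key'];
$data = '<samlp:Response ID="constructed-example"/>';
openssl_sign($data, $sig, $priv, OPENSSL_ALGO_SHA256);

var_dump(verifyPem($data, $sig, $pem));          // intact message
var_dump(verifyPem($data . ' ', $sig, $pem));    // tampered message
var_dump(verifyPem($data, $sig, 'not a key'));   // key error: must fail closed

// Drive both checks with the three documented return values of openssl_verify().
foreach ([1 => 'valid', 0 => 'invalid', -1 => 'error'] as $raw => $meaning) {
    printf("%-7s weak=%-5s strict=%s\n", $meaning,
        var_export(signatureAcceptedWeak($raw), true),
        var_export(signatureAcceptedStrict($raw), true));
}
```

The last loop is the point of the exercise: the weak check reports the error case as accepted, which is the bypass the description refers to, while the strict check treats anything other than 1 as a failed verification.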

Comment 1 Pedro Sampaio 2018-03-08 18:11:06 UTC
Created php-simplesamlphp-saml2 tracking bugs for this issue:

Affects: fedora-all [bug 1553358]
Affects: epel-all [bug 1553359]

Comment 2 Shawn Iwinski 2018-04-23 04:37:32 UTC
All dependent bugs are closed. Please close.