Errata overview
Errata ID 195
Date 2019-07-24
Source package simplesamlphp
Fixed in version 1.16.3-1A~
This update addresses the following issues:
* SimpleSAMLphp has been updated to version 1.16.3.
* HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has
  an incorrect check of return values in the signature validation utilities,
  allowing an attacker to get invalid signatures accepted as valid by
  forcing an error during validation. This occurs because of a dependency
  on PHP functionality that interprets a -1 error code as a true boolean
  value. (CVE-2018-7711)
* SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open
  redirect protection mechanism via crafted authority data in a URL.
* The (1) Htpasswd authentication source in the authcrypt module and (2)
  SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote
  attackers to conduct timing side-channel attacks by leveraging use of the
  standard comparison operator to compare secret material against user input.
* SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle
  attackers to obtain sensitive information by leveraging use of the
  aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class
  to protect session identifiers in replies to non-HTTPS service providers.
* The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp
  1.14.x through 1.14.11 makes it easier for context-dependent attackers to
  bypass the encryption protection mechanism by leveraging use of the first
  16 bytes of the secret key as the initialization vector (IV).
Additional notes
CVE ID CVE-2017-12871
UCS Bug number #48961