Fedora 17 : php-pear-CAS-1.3.0-2.fc17 (2012-3903)

medium Nessus Plugin ID 58689

Synopsis

The remote Fedora host is missing a security update.

Description

Upstream changelog

Changes in version 1.3.0

Bug Fixes :

- the saml logout url should be parsed urlencoded [#24] (dlineate)

- fix a proxy mode bug introduced in a previous comitt [#16] (Adam Franco)

- Fix include_path order so that the phpCAS path takes precedence [#13] (Adam Franco)

- fix invalid characters in the php session naming [#17] (Joachim Fritschi)

- fix an initialisation problem introduced in the PGT storage [18] (Daniel Frett)

- make sure the PGTStorage object is initialized if a user is utilizing the createTable method [#4] (Daniel Frett)

- Fix error message in phpCAS::setCacheTimesForAuthRecheck() [PHPCAS-132/#1] (Bradley Froehle)

- Always return attributes in utf8 [PHPCAS-102]

- Fix warning during debugging if debug is set to false [PHPCAS-123] (Sean Watkins)

New Features :

- Add a script to create the PGT db table in proxy mode [#11] (Joachim Fritschi)

- Switch to the Apache License [#5] (Adam Franco, Joachim Fritschi)

- Move to github and add all necessary file to package [#12] (Adam Franco)

- New build process for github [#12] (Adam Franco)

- Update unit tests to work with the lastest phpunit version [PHPCAS-128] (Adam Franco)

- Refacatoring of the protocol decision making to allow validation of proxied usage [PHPCAS-69] (Joachim Fritschi, Adam Franco)

- Rebroadcast of logout and pgtiou to support clustered phpcas [PHPCAS-100] (Matthew Selwood, Adam Franco)

Improvements :

- Improved cookie handling [] (Adam Franco

- Indent, format and user name guidelines of PEAR [#14] (Joachim Fritschi)

- Add a class autoloading feature [PHPCAS-125/#8] (Joachim Fritschi)

- Remove global variables [PHPCAS-126] (Adam Franco)

- Implementation of an exception framework to allow gracefull termination [PHPCAS-109] (Joachim Fritschi)

- enable single sign-out when session has already started [#29] (Benvii) Security Fixes :

- CVE-2012-1104 validate proxied usage of a service [PHPCAS-69] (Joachim Fritschi, Adam Franco)

- CVE-2012-1105 change the default PGT save path to the session storage path and set proper permissions [#22] (Joachim Fritschi)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php-pear-CAS package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=801343

https://bugzilla.redhat.com/show_bug.cgi?id=801347

http://www.nessus.org/u?70ce0d95

Plugin Details

Severity: Medium

ID: 58689

File Name: fedora_2012-3903.nasl

Version: 1.12

Type: local

Agent: unix

Published: 4/12/2012

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:17, p-cpe:/a:fedoraproject:fedora:php-pear-cas

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/16/2012

Reference Information

CVE: CVE-2012-1104, CVE-2012-1105

BID: 52279, 52280

FEDORA: 2012-3903