GLSA-201801-11 : PySAML2: Security bypass
Medium Nessus Plugin ID 105755
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201801-11 (PySAML2: Security bypass)
It was found that PySAML2 relies on an assert statement to check the user’s password. Python optimizations might remove this assertion.
A remote attacker could bypass security restrictions and access any application which is using PySAML2 for authentication.
Disable Python optimizations.
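The failure mode described above, as an added example that is not PySAML2's code: the same assert-only check is compiled with and without optimization (level 1 corresponds to running `python -O`), next to an explicit comparison that does not depend on assertions. The function names and the sample credential store are hypothetical and constructed for this illustration.

```python
# Added illustration; not PySAML2 code. All names and data are constructed.
import hmac
import sys

USERS = {"alice": "correct horse"}  # constructed sample credential store

# Source of a check that exists only as an assert statement.
ASSERT_BASED = '''
def verify(user, password, users):
    assert users.get(user) == password
    return True
'''

def load_verify(optimize):
    """Compile ASSERT_BASED at the given level (0 = asserts kept,
    1 = asserts stripped, as with `python -O`) and return verify()."""
    namespace = {}
    code = compile(ASSERT_BASED, "<assert_based>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace["verify"]

def assert_check_accepts(user, password, optimize):
    """True if the assert-only check lets this login through."""
    try:
        return load_verify(optimize)(user, password, USERS)
    except AssertionError:
        return False

def verify_hardened(user, password, users=USERS):
    """Explicit comparison; unaffected by the optimization level."""
    expected = users.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())

def running_optimized():
    """True when this interpreter was started with -O or PYTHONOPTIMIZE."""
    return sys.flags.optimize > 0

if __name__ == "__main__":
    print("interpreter optimized:", running_optimized())
    for level in (0, 1):
        accepted = assert_check_accepts("alice", "wrong", level)
        print(f"optimize={level}: wrong password accepted -> {accepted}")
    print("hardened, wrong password ->", verify_hardened("alice", "wrong"))
```
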
Solution
All PySAML2 4.0 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-python/pysaml2-4.0.2-r3'
All PySAML2 4.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-python/pysaml2-4.5.0'