A signature-validation bypass issue was discovered in SimpleSAMLphp through
1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as
valid any unsigned SAML response containing more than one signed assertion,
provided that the signature of at least one of the assertions is valid.
Attributes contained in all the assertions received will be merged and the
entityID of the first assertion received will be used, allowing an attacker
to impersonate any user of any IdP given an assertion signed by the
targeted IdP.
Upstream: released (1.15.0-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Trusty/esm: DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1.15.2-1)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (1.15.2-1)
Ubuntu 19.04 (Disco Dingo): not-affected (1.15.2-1)
Ubuntu 19.10 (Eoan): not-affected (1.15.2-1)
Updated: 2019-04-26 14:22:08 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)