
SECURITY ADVISORY
7 May 2021

ATTN: SP Admins

Shibboleth recently announced a Service Provider vulnerability which exposes the software to denial-of-service attacks.

Shibboleth has advised that this vulnerability was of moderate severity.

Affected Versions
• All subscribers who run Shibboleth SP (version 3.2.1 or older) in the Federation

Recommended Action
• Upgrade Shibboleth SP to version 3.2.2+

Please note that Rapid Connect (https://rapid.aaf.edu.au/) users are already protected and no further action is required.

Upgrading Shibboleth SP can be achieved by software package update (e.g. yum, apt, rpm, depending on distribution) or manual install via https://shibboleth.net/downloads/service-provider/ 

Shibboleth Security Advisory
View the official security advisory: https://shibboleth.net/community/advisories/secadv_20210426.txt
Details about all versions / known vulnerabilities: https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories


Please contact support@aaf.edu.au if you have any questions or concerns about this advisory and update.
 



Kind regards,
AAF Support

Copyright © 2021 Australian Access Federation Ltd, All rights reserved.

