USN-3520-1: PySAML2 vulnerability
08 January 2018
PySAML2 could allow authentication without a password.
- python-pysaml2 - Pure python implementation of SAML2
It was discovered that PySAML2 incorrectly accepted any password when run
with python optimizations enabled. An attacker could use this issue to
authenticate as any user without a valid password.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.