========================================================================== Ubuntu Security Notice USN-4291-1 February 24, 2020 libapache2-mod-auth-mellon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 18.04 LTS Summary: libapache2-mod-auth-mellon could be made to redirect users to malicious sites. Software Description: - libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache Details: It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: libapache2-mod-auth-mellon 0.14.2-1ubuntu1.19.10.1 Ubuntu 18.04 LTS: libapache2-mod-auth-mellon 0.13.1-1ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4291-1 CVE-2019-13038 Package Information: https://launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/0.14.2-1ubuntu1.19.10.1 https://launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/0.13.1-1ubuntu0.2