2014-06-27 Instructure Advisory IAC00722 - SAML Ruby gem vulnerability
SECURITY UPDATE
Release Date: 2014-06-27
Description: Vulnerability in the ruby-saml-mod gem, the SAML implementation used by Canvas
Criticality Level: Moderately Critical (scale: Less Critical < Critical < Moderately Critical < Highly Critical)
Impact:
Systems Affected: CanvasLMS
Solution Status: Patched
Discovered By: Vladislav Mladenov, Christian Mainka, Florian Feldmann and Julian Krautwald, Horst Görtz Institute for IT-Security, http://www.nds.rub.de/chair/news/
Relevant Changesets: https://github.com/instructure/canvas-lms/commit/034cae39cc84ec924b4322cfb5fd7ea0fa89c56b
Summary:
A vulnerability exists in version 0.1.28 of the ruby-saml-mod Ruby gem. Under certain circumstances it could allow information leakage. The vulnerability is fixed in version 0.1.29 of the gem.
Status:
Fixed in Canvas Cloud as of 2014-06-27. Users of Canvas CV are encouraged either to update to the most recent stable code or to apply the patch manually.
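As an added example that is not part of this advisory or of the Canvas code base, the following Ruby script audits a Bundler Gemfile.lock for the affected ruby-saml-mod release. The affected version (0.1.28) and the fixed version (0.1.29) come from the advisory; the lockfile excerpt, the function names and the decision to treat versions older than the fix as "needing review" rather than safe are assumptions made for this example.

```ruby
# Added example, not from the Instructure advisory or the Canvas code base:
# audit a Bundler Gemfile.lock for the ruby-saml-mod release named above.
# Versions 0.1.28 (affected) and 0.1.29 (fixed) come from the advisory;
# the sample lockfile, function names and status labels are constructed here.

require "rubygems"

GEM_NAME         = "ruby-saml-mod"
AFFECTED_VERSION = Gem::Version.new("0.1.28")
FIXED_VERSION    = Gem::Version.new("0.1.29")

# Constructed Gemfile.lock excerpt in Bundler's layout (not Canvas's real lockfile).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.6.2.1)
        mini_portile (= 0.6.0)
      ruby-saml-mod (0.1.28)
        nokogiri (>= 1.5.5)
        xmlcanonicalizer (>= 0.1.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    ruby-saml-mod
LOCK

# Map every resolved gem in the lockfile to its Gem::Version.
# In Bundler's format, resolved gems sit exactly four spaces under "specs:";
# lines indented further are a gem's own dependencies and carry requirements,
# not pinned versions, so they are skipped.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # A blank line or an unindented section header (PLATFORMS, DEPENDENCIES,
    # a further GEM/GIT/PATH source) closes the current specs block.
    if in_specs && (line.strip.empty? || line !~ /\A\s/)
      in_specs = false
      next
    end
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      versions[m[1]] = Gem::Version.new(m[2])
    end
  end
  versions
end

# Classify the deployment against the advisory:
#   :affected    - exactly the version the advisory names (0.1.28)
#   :below_fixed - older than the fix; the advisory is silent on these, so
#                  treat them as needing review rather than as safe (assumption)
#   :patched     - 0.1.29 or later
#   :not_present - the gem is not in the lockfile
def ruby_saml_mod_status(lockfile_text)
  version = locked_versions(lockfile_text)[GEM_NAME]
  return :not_present if version.nil?
  return :affected if version == AFFECTED_VERSION
  version < FIXED_VERSION ? :below_fixed : :patched
end

# Audit the lockfile given on the command line, or fall back to the sample.
lockfile = (ARGV[0] && File.file?(ARGV[0])) ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
puts "#{GEM_NAME}: #{ruby_saml_mod_status(lockfile)}"
```

Run it as `ruby audit_saml_gem.rb /path/to/canvas/Gemfile.lock` on a Canvas CV checkout. The check only establishes which gem version is pinned; it says nothing about whether the commit referenced above has been applied to a vendored copy, so a deployment that patched by hand rather than bumping the gem should be verified against the changeset instead.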