SimpleID

Normally, SimpleID security advisories only relate to vulnerabilities found in the SimpleID software. However, due to the seriousness of this vulnerability, it is reposted here to assist in wide dissemination. Description A security vulnerability ... [More] has been reported for the OpenSSL cryptographic library (CVE-2014-0160), popularly known as the Heartbleed Bug. The vulnerability allows access to sensitive information including user names and passwords entered by users, as well as the private key used to secure communication with the web server. OpenSSL is used by many web servers to provide SSL/TLS encryption. If you use SSL/TLS (HTTPS) to encrypt your connection to the SimpleID server, and your web server uses OpenSSL, you may be vulnerable to this attack. Versions affected All versions of SimpleID, if SimpleID is accessed using SSL/TLS (HTTPS) and the web server uses OpenSSL for SSL/TLS encryption Solution Update your web server software. Further instructions for various Linux distributions can be found below. Debian Fedora Red Hat Linux Ubuntu Revoke old SSL certificates Install new SSL certificates with a new private key Clear the SimpleID cache directory Change the password store in all users’ identity files Further information OpenSSL announcement Heartbleed.com [Less]

Normally, SimpleID security advisories only relate to vulnerabilities found in the SimpleID software. However, due to the seriousness of this vulnerability, it is reposted here to assist in wide dissemination. Description A security vulnerability ... [More] has been reported for the OpenSSL cryptographic library (CVE-2014-0160), popularly known as the Heartbleed Bug. The vulnerability allows access to sensitive information including user names and passwords entered by users, as well as the private key used to secure communication with the web server. OpenSSL is used by many web servers to provide SSL/TLS encryption. If you use SSL/TLS (HTTPS) to encrypt your connection to the SimpleID server, and your web server uses OpenSSL, you may be vulnerable to this attack. Versions affected All versions of SimpleID, if SimpleID is accessed using SSL/TLS (HTTPS) and the web server uses OpenSSL for SSL/TLS encryption Solution Update your web server software. Further instructions for various Linux distributions can be found below. Debian Fedora Red Hat Linux Ubuntu Revoke old SSL certificates Install new SSL certificates with a new private key Clear the SimpleID cache directory Change the password store in all users’ identity files Further information OpenSSL announcement Heartbleed.com [Less]

Normally, SimpleID security advisories only relate to vulnerabilities found in the SimpleID software. However, due to the seriousness of this vulnerability, it is reposted here to assist in wide dissemination. Description A security vulnerability ... [More] has been reported for the OpenSSL cryptographic library (CVE-2014-0160), popularly known as the Heartbleed Bug. The vulnerability allows access to sensitive information including user names and passwords entered by users, as well as the private key used to secure communication with the web server. OpenSSL is used by many web servers to provide SSL/TLS encryption. If you use SSL/TLS (HTTPS) to encrypt your connection to the SimpleID server, and your web server uses OpenSSL, you may be vulnerable to this attack. Versions affected All versions of SimpleID, if SimpleID is accessed using SSL/TLS (HTTPS) and the web server uses OpenSSL for SSL/TLS encryption Solution Update your web server software. Further instructions for various Linux distributions can be found below. Debian Fedora Red Hat Linux Ubuntu Revoke old SSL certificates Install new SSL certificates with a new private key Clear the SimpleID cache directory Change the password store in all users’ identity files Further information OpenSSL announcement Heartbleed.com [Less]

Normally, SimpleID security advisories only relate to vulnerabilities found in the SimpleID software. However, due to the seriousness of this vulnerability, it is reposted here to assist in wide dissemination. Description A security vulnerability ... [More] has been reported for the OpenSSL cryptographic library (CVE-2014-0160), popularly known as the Heartbleed Bug. The vulnerability allows access to sensitive information including user names and passwords entered by users, as well as the private key used to secure communication with the web server. OpenSSL is used by many web servers to provide SSL/TLS encryption. If you use SSL/TLS (HTTPS) to encrypt your connection to the SimpleID server, and your web server uses OpenSSL, you may be vulnerable to this attack. Versions affected All versions of SimpleID, if SimpleID is accessed using SSL/TLS (HTTPS) and the web server uses OpenSSL for SSL/TLS encryption Solution Update your web server software. Further instructions for various Linux distributions can be found below. Debian Fedora Red Hat Linux Ubuntu Revoke old SSL certificates Install new SSL certificates with a new private key Clear the SimpleID cache directory Change the password store in all users’ identity files Further information OpenSSL announcement Heartbleed.com [Less]

Advisory ID:  SA-2014-1 Version:  all versions ... [More] Security risk:  Highly critical Exploitable from:  Remote Vulnerability:  Memory leak in OpenSSL library Normally, SimpleID security advisories only relate to vulnerabilities found in the SimpleID software. However, due to the seriousness of this vulnerability, it is reposted here to assist in wide dissemination. Description A security vulnerability has been reported for the OpenSSL cryptographic library (CVE-2014-0160), popularly known as the Heartbleed Bug. The vulnerability allows access to sensitive information including user names and passwords entered by users, as well as the private key used to secure communication with the web server. OpenSSL is used by many web servers to provide SSL/TLS encryption. If you use SSL/TLS (HTTPS) to encrypt your connection to the SimpleID server, and your web server uses OpenSSL, you may be vulnerable to this attack. read more [Less]

Version 0.8.5 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.5 is strongly recommended. To download, go to the download page. Please note that while the software may work, it may also ... [More] have gaping security holes and other nasty bugs. Use at your own risk. What’s new in SimpleID 0.8.5 The version mainly targets bug fixes. Fixes issue introduced in version 0.8.4 regarding enhanced compatibility with Suhosin Fixes to the syntax warnings in newer versions of PHP For further details on the enhancements, please see the milestone page for this release. Installing and Upgrading If you are upgrading from an earlier version of SimpleID, please read: the general upgrade instructions on this web site; and UPGRADE.txt included in the distribution for upgrade instructions. Known Issues Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. Support SimpleID If you enjoy using SimpleID, please consider making a donation to support the ongoing development work. To find out more on how to donate, visit the donation page. Your donation is very much appreciated. [Less]

Version 0.8.5 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.5 is strongly recommended. To download, go to the download page. Please note that while the software may work, it may also ... [More] have gaping security holes and other nasty bugs. Use at your own risk. What’s new in SimpleID 0.8.5 The version mainly targets bug fixes. Fixes issue introduced in version 0.8.4 regarding enhanced compatibility with Suhosin Fixes to the syntax warnings in newer versions of PHP For further details on the enhancements, please see the milestone page for this release. Installing and Upgrading If you are upgrading from an earlier version of SimpleID, please read: the general upgrade instructions on this web site; and UPGRADE.txt included in the distribution for upgrade instructions. Known Issues Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. Support SimpleID If you enjoy using SimpleID, please consider making a donation to support the ongoing development work. To find out more on how to donate, visit the donation page. Your donation is very much appreciated. [Less]

Version 0.8.5 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.5 is strongly recommended. To download, go to the download page. Please note that while the software may work, it may also ... [More] have gaping security holes and other nasty bugs. Use at your own risk. What’s new in SimpleID 0.8.5 The version mainly targets bug fixes. Fixes issue introduced in version 0.8.4 regarding enhanced compatibility with Suhosin Fixes to the syntax warnings in newer versions of PHP For further details on the enhancements, please see the milestone page for this release. Installing and Upgrading If you are upgrading from an earlier version of SimpleID, please read: the general upgrade instructions on this web site; and UPGRADE.txt included in the distribution for upgrade instructions. Known Issues Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. Support SimpleID If you enjoy using SimpleID, please consider making a donation to support the ongoing development work. To find out more on how to donate, visit the donation page. Your donation is very much appreciated. [Less]

Download SimpleID 0.8.5 Version 0.8.5 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.5 is strongly recommended. To download, go to ... [More] the download page. Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. read more [Less]

Version 0.8.4 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.4 is strongly recommended. To download, go to the download page. Please note that while the software may work, it may also ... [More] have gaping security holes and other nasty bugs. Use at your own risk. What’s new in SimpleID 0.8.4 The version mainly targets bug fixes. Enhanced compatibility with Suhosin Fixes to the PEAR package User interface improvements, with fixes to links to the SimpleID web site. For further details on the enhancements, please see the milestone page for this release. Installing and Upgrading If you are upgrading from an earlier version of SimpleID, please read: the general upgrade instructions on this web site; and UPGRADE.txt included in the distribution for upgrade instructions. Known Issues Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. Support SimpleID If you enjoy using SimpleID, please consider making a donation to support the ongoing development work. To find out more on how to donate, visit the donation page. Your donation is very much appreciated. [Less]