1.6.3 Security Release
Print
Modified on: Mon, 17 May, 2021 at 1:40 PM
Impact
The nonce values included in Authentication Requests sent by Singularity Enterprise may not contain sufficient entropy as specified by the OpenID Connect Core 1.0 specification, due to a deficiency in the github.com/satori/go.uuid module used to generate nonce values.
Patches
A patch is available in versions 1.2 through 1.6 of Singularity Enterprise, and customers are encouraged to upgrade. The patch is included in the following versions:
- 1.2.6
- 1.3.4
- 1.4.4
- 1.5.4
- 1.6.3
Workarounds
No remediation is available, customers are encouraged to upgrade to a patched version.
References
For more information
If you have any questions or comments about this advisory, please contact [email protected].
Did you find it helpful?
Yes
No
Send feedback Sorry we couldn't be helpful. Help us improve this article with your feedback.
Impact
The nonce values included in Authentication Requests sent by Singularity Enterprise may not contain sufficient entropy as specified by the OpenID Connect Core 1.0 specification, due to a deficiency in the github.com/satori/go.uuid module used to generate nonce values.
Patches
A patch is available in versions 1.2 through 1.6 of Singularity Enterprise, and customers are encouraged to upgrade. The patch is included in the following versions:
Workarounds
No remediation is available, customers are encouraged to upgrade to a patched version.
References
For more information
If you have any questions or comments about this advisory, please contact [email protected].