Security: Insufficient input validation in xmltooling
Name: Insufficient input validation in xmltooling
ID: DSA-4126-1
Distribution: Debian
Platforms: Debian jessie, Debian stretch
Date: Tue, 27 February 2018, 22:55
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0489
Applications: OpenSAML
Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4126-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 27, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xmltooling
CVE ID         : CVE-2018-0489
Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.txt
For the oldstable distribution (jessie), this problem has been fixed in version 1.5.3-2+deb8u3.
For the stable distribution (stretch), this problem has been fixed in version 1.6.0-4+deb9u1.
We recommend that you upgrade your xmltooling packages.
For the detailed security status of xmltooling please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xmltooling
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org