drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in shibboleth-sp2
Name: |
Mangelnde Rechteprüfung in shibboleth-sp2 |
|
ID: |
DSA-4038-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Fr, 17. November 2017, 08:16 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16852 |
|
Applikationen: |
Shibboleth |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4038-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 16, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : shibboleth-sp2 CVE ID : CVE-2017-16852 Debian Bug : 881857
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.
For the oldstable distribution (jessie), this problem has been fixed in version 2.5.3+dfsg-2+deb8u1.
For the stable distribution (stretch), this problem has been fixed in version 2.6.0+dfsg1-4+deb9u1.
We recommend that you upgrade your shibboleth-sp2 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAloOARpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RFRRAAno8d8GNe1UlI2rMaXfvWfbD4iJLjHY0BbsRr5QcARAQwwAYegBrGtL5S J5iCiVB+/6xxDeGzInAkGjZfQV2hcWob1fliNDGTExme0QpQIEyjoPQi9G4iWtJ2 J19tuh/tlXKsmWr/qD90T4ARAxtOMMJlTzHCj/MP0LCB6FKOIccIfXqdx3qhmUDg 2RZYW94EM7P4p6EdTKr7doYICpD5wT5glDWSuvIDcuPipjjQqfRdz9LRwrTcgOPZ l4pYAOpkhMjhMZRGdeqKsVgTA3lctbWHgg7j+ha6YgFPg2VUjC9wUbFNNUcVWTM0 TACZYcSgOw1Fh+N7JvzHbyXX/0sYg+blQbccL+in/fGgrxbSlUS8B4T0FgGEBdRk F/beEdFkMm2xj3/H3X6vO8tv6YB9awJ6NseX/LT4olJ/kvNDCaYG1k3XsVFQfaA6 9a1xNfNmIt2Vc8FiIzq/cbw5+D0eSncmLd/RMEBX0fDioXNuqZEQrUShhVSCoCGJ u8c29+oGjBuCaNsBg3b4hifHUnV1/n2XAferag3zLuxSdaaZa+TwkF2QgDsEx8p9 0x8aW5garNMGWkWjkkhtjxPS4Q712TXw8uvRxBZhvPemer9hs10unMcuEoP18CqO esmBbSENS9Uic1BkfD53rMdw9vd0dUo4mMFlLK0nAM/eAEnnbOk= =6UGd -----END PGP SIGNATURE-----
|
|
|
|