
Security: Cross-Site Scripting in Shibboleth
Name: Cross-Site Scripting in Shibboleth
ID: USN-4925-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS
Date: Fri, 23 April 2021, 07:21
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28963
Applications: Shibboleth

Original message


==========================================================================
Ubuntu Security Notice USN-4925-1
April 22, 2021

shibboleth-sp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Shibboleth could be made to display malicious content.

Software Description:
- shibboleth-sp: Federated web single sign-on system

Details:

Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service
provider allowed content injection due to allowing attacker-controlled
parameters in error or other status pages. An attacker could use this to
inject malicious content.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libapache2-mod-shib 3.0.4+dfsg1-1ubuntu0.1
libshibsp-plugins 3.0.4+dfsg1-1ubuntu0.1
libshibsp8 3.0.4+dfsg1-1ubuntu0.1
shibboleth-sp-common 3.0.4+dfsg1-1ubuntu0.1
shibboleth-sp-utils 3.0.4+dfsg1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4925-1
CVE-2021-28963

Package Information:
https://launchpad.net/ubuntu/+source/shibboleth-sp/3.0.4+dfsg1-1ubuntu0.1

