Login
Newsletter
Werbung
Sicherheit: Mangelnde Prüfung von Signaturen in opensaml
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Signaturen in opensaml
ID: DSA-5879-1
Distribution: Debian
Plattformen: Debian bookworm
Datum: So, 16. März 2025, 21:54
Referenzen: Keine Angabe
Applikationen: OpenSAML

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5879-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 16, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : opensaml
CVE ID         : not yet available

Alexander Tan discovered that the OpenSAML C++ library was susceptible
to forging of signed SAML messages. For additional details please refer
to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20250313.txt

For the stable distribution (bookworm), this problem has been fixed in
version 3.2.1-3+deb12u1.

We recommend that you upgrade your opensaml packages.

For the detailed security status of opensaml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensaml

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmfXICAACgkQEMKTtsN8
TjZmyg/9H263wYNCU3wtNVSqbeZzirWnsLWj2EE9RBFIlN0eCanhF7P9seZ37dy5
VXPc/rLNY+WQWnuypz8Rz7c24znrmygRS7b0FXRN5mTGS5jd6fH+StzcMvSYVTps
JZYHvqjd0Fz6IQUjoch+kVPLwDtIH7qMQ1ClKbXRUhXtnn2W72hvrvczmWsHP0e3
zVih4LA22/XOsNsbpEFWNQx9VBbANRl/fMpOsvcpvPW8DaQZ7rzcYCCCXzODv9Rd
S7aGCh8hoj3ZZ0vEuYXmdO+0HS270AgH+n57NFd5anrHdMwRFYow/zTFKjhEveqz
kd8xEbF5W2sN8wSYo9lKCqxh2T2waLTbQXsLkD0iMnhaC+pvWwkvcUDcCygIj3S9
t5A+ezSRM1jIwSmU9unU3FoUF/5h4UaoQw171GsQj939Z3YLei83DSMuOsG3gQ0S
uc0P4Rs4mUAE6ZQtJxz3DR4u07Pn7fatUVBJTmgUxioR2/Wxy9OWXVb3mW5AZEzy
GsE4/1CbwQU84GZhweJ2fer6Ack9/bmVBL0VBcDG7JDMb3ZPj7FIwsoRCz82s1AT
TitGr50EyOMQjGikwiAvDEDZjer2wa/clkgOU5og10e7PfYgQliTE7/AXlI5Kpn0
UxFEQDOTjFMiZKKv6j0VAz+ScVXpj44R/lxLByKVCq/SCZaIygc=
=psIo
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung