Security: Insufficient permission check in PySAML2

Name: Insufficient permission check in PySAML2
ID: USN-3520-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10
Date: Mon, January 8, 2018, 23:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000433
Applications: PySAML2

Original message
==========================================================================
Ubuntu Security Notice USN-3520-1
January 08, 2018

python-pysaml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS

Summary:

PySAML2 could allow authentication without a password.

Software Description:
- python-pysaml2: Pure python implementation of SAML2

Details:

It was discovered that PySAML2 incorrectly accepted any password when run
with python optimizations enabled. An attacker could use this issue to
authenticate as any user without a valid password.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  python-pysaml2 3.0.0-3ubuntu2.2
  python3-pysaml2 3.0.0-3ubuntu2.2

Ubuntu 17.04:
  python-pysaml2 3.0.0-3ubuntu1.17.04.3
  python3-pysaml2 3.0.0-3ubuntu1.17.04.3

Ubuntu 16.04 LTS:
  python-pysaml2 3.0.0-3ubuntu1.16.04.3
  python3-pysaml2 3.0.0-3ubuntu1.16.04.3

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3520-1
  CVE-2017-1000433

Package Information:
  https://launchpad.net/ubuntu/+source/python-pysaml2/3.0.0-3ubuntu2.2
  https://launchpad.net/ubuntu/+source/python-pysaml2/3.0.0-3ubuntu1.17.04.3
  https://launchpad.net/ubuntu/+source/python-pysaml2/3.0.0-3ubuntu1.16.04.3
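The failure mode described under Details, shown as an added example that is not part of the advisory and not PySAML2's code: Python's -O flag removes every `assert` statement, so a credential check written as an assertion (assumed here as the cause) silently disappears. The function names and sample secrets are constructed, and `compile(..., optimize=1)` stands in for starting the interpreter with -O.

```python
import ast
import hmac

# Constructed illustration of the bug class; not PySAML2's code.
VULNERABLE_SRC = '''
def verify(stored, supplied):
    try:
        assert stored == supplied  # statement is dropped when compiled with -O
    except AssertionError:
        return False
    return True
'''


def load_verify(optimize):
    """Compile the vulnerable check as the interpreter would at this -O level."""
    namespace = {}
    code = compile(VULNERABLE_SRC, "<vulnerable>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace["verify"]


def verify_hardened(stored, supplied):
    """Explicit comparison: unaffected by -O and constant-time."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


def find_asserts(source):
    """Audit helper: line numbers of every assert statement in the source."""
    tree = ast.parse(source)
    return sorted(n.lineno for n in ast.walk(tree) if isinstance(n, ast.Assert))


if __name__ == "__main__":
    for level in (0, 1):
        accepted = load_verify(level)("s3cret", "wrong-guess")
        print(f"optimize={level}: wrong password accepted = {accepted}")
    print("hardened:", verify_hardened("s3cret", "wrong-guess"))
    print("assert statements at lines:", find_asserts(VULNERABLE_SRC))
```

Running `find_asserts` over authentication and authorization modules is a quick way to locate checks that would vanish in deployments started with -O or PYTHONOPTIMIZE set.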