drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Signaturen in python-pysaml2
| Name: |
Mangelnde Prüfung von Signaturen in python-pysaml2 |
|
| ID: |
DSA-4630-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian stretch, Debian buster |
|
| Datum: |
Sa, 22. Februar 2020, 01:13 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5390 |
|
| Applikationen: |
python-pysaml2 |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4630-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 21, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : python-pysaml2
CVE ID : CVE-2020-5390
It was discovered that pysaml2, a Python implementation of SAML to be
used in a WSGI environment, was susceptible to XML signature wrapping
attacks, which could result in a bypass of signature verification.
For the oldstable distribution (stretch), this problem has been fixed
in version 3.0.0-5+deb9u1.
For the stable distribution (buster), this problem has been fixed in
version 5.4.1-2+deb10u1.
We recommend that you upgrade your python-pysaml2 packages.
For the detailed security status of python-pysaml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-pysaml2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5QOy0ACgkQEMKTtsN8
TjatdhAAhFF5yji3kWNPKqsij0i4/Beyf5dw4oh0+muu4C2xrr5vWrJBMoCBqeBz
oeIxvRgl43MBJGJ2K+VzgAsJ7g7s1TswbZS0HsjVi9AwjcGxuiZGsskre1Bn7dwN
0bx8LIRwv5LMufLgbViSnAp1qWhbk4bdhg8bTrTjXcFr/bAvpQJ7XnNpqH3x3vWM
ihAwlld7tKYObnqDIwFnZJJsoRhKSoR8NNCed/O9aWk2VaBPj7OCu1OuF8RInQ32
1bwdu45c9icdgFzgubyslp4U7fLb2Nv2DyfsjUWnRcBmkvs4mrjJfSPkKIFNS5iX
rJijuQoR1vw6yDPj9NV/cvARRyrmaqCNE76x26htG01udi231rtb8jVh+bwCk3J4
L9ChJnSjmpMOVq/7ZUD8vDRa8qJTXhYPAzG2XfF/IMbYPNWgvUyiCDDf7IbxHcDO
XsJVaFe4JwPSEK03hBgJvhvcM35b7qiFqXAj1aEkvSYTGjVQPXgaqfjZcoiaubUV
fMTHNMBKvbf3BD8OyiE+1xHSZt1oxuYvyifFqBdgL6t86iAAAyCoR264/kkPUcig
+j7C4v6u/B8mpHMgMjpuepRi8vpkFNXQvYR8K8ndbqG6QdXNhcBthpxeCUok8ceC
3KED212MniccV2cc2E8jINLlZStyQCVO6hYTWGxfn8LuKhDjkLM=
=bGnX
-----END PGP SIGNATURE-----
|
|
|
|
