drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Signaturen in python-pysaml2
Name: |
Mangelnde Prüfung von Signaturen in python-pysaml2 |
|
ID: |
DSA-4630-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch, Debian buster |
|
Datum: |
Sa, 22. Februar 2020, 01:13 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5390 |
|
Applikationen: |
python-pysaml2 |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4630-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2020 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : python-pysaml2 CVE ID : CVE-2020-5390
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
For the oldstable distribution (stretch), this problem has been fixed in version 3.0.0-5+deb9u1.
For the stable distribution (buster), this problem has been fixed in version 5.4.1-2+deb10u1.
We recommend that you upgrade your python-pysaml2 packages.
For the detailed security status of python-pysaml2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-pysaml2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5QOy0ACgkQEMKTtsN8 TjatdhAAhFF5yji3kWNPKqsij0i4/Beyf5dw4oh0+muu4C2xrr5vWrJBMoCBqeBz oeIxvRgl43MBJGJ2K+VzgAsJ7g7s1TswbZS0HsjVi9AwjcGxuiZGsskre1Bn7dwN 0bx8LIRwv5LMufLgbViSnAp1qWhbk4bdhg8bTrTjXcFr/bAvpQJ7XnNpqH3x3vWM ihAwlld7tKYObnqDIwFnZJJsoRhKSoR8NNCed/O9aWk2VaBPj7OCu1OuF8RInQ32 1bwdu45c9icdgFzgubyslp4U7fLb2Nv2DyfsjUWnRcBmkvs4mrjJfSPkKIFNS5iX rJijuQoR1vw6yDPj9NV/cvARRyrmaqCNE76x26htG01udi231rtb8jVh+bwCk3J4 L9ChJnSjmpMOVq/7ZUD8vDRa8qJTXhYPAzG2XfF/IMbYPNWgvUyiCDDf7IbxHcDO XsJVaFe4JwPSEK03hBgJvhvcM35b7qiFqXAj1aEkvSYTGjVQPXgaqfjZcoiaubUV fMTHNMBKvbf3BD8OyiE+1xHSZt1oxuYvyifFqBdgL6t86iAAAyCoR264/kkPUcig +j7C4v6u/B8mpHMgMjpuepRi8vpkFNXQvYR8K8ndbqG6QdXNhcBthpxeCUok8ceC 3KED212MniccV2cc2E8jINLlZStyQCVO6hYTWGxfn8LuKhDjkLM= =bGnX -----END PGP SIGNATURE-----
|
|
|
|