drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in shibboleth-sp
Name: |
Denial of Service in shibboleth-sp |
|
ID: |
DSA-4905-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian buster |
|
Datum: |
Di, 27. April 2021, 22:34 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31826 |
|
Applikationen: |
Shibboleth |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4905-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2021 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : shibboleth-sp CVE ID : CVE-2021-31826 Debian Bug : 987608
It was discovered that the Shibboleth Service Provider is prone to a NULL pointer dereference flaw in the cookie-based session recovery feature. A remote, unauthenticated attacker can take advantage of this flaw to cause a denial of service (crash in the shibd daemon/service).
For additional information please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20210426.txt
For the stable distribution (buster), this problem has been fixed in version 3.0.4+dfsg1-1+deb10u2.
We recommend that you upgrade your shibboleth-sp packages.
For the detailed security status of shibboleth-sp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/shibboleth-sp
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCIaIxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S0iQ//VkszUO5UbekCO98GIDta1UUehBqCDKeEjaQFkmJzcKAQ4yup6j6o552T ksPbARkYM7/nEzKr+Sme4u9pBuKqiP/Ph3uXo6LyzcJWyoFrE+DMIlfSJfeIuvHb rmKhE9tS1odbFUw6iBtb5ywPkTqxMMiGXPvly7sRGSCTcyMp5r6c4FmzX9mzUs/f AJflD/WI+SavQIL57RavqZhMWpLDo7qARcqB4ZVCCoEc2EsamEBZLrU7cs3bh9Pq j3wVGQANxcks6ycH593pcvEUJyO/ipRxFjFlr6BIq0U5z6hXc2zLTBRlbAY+VJer kARWc55sA5oHMzSiPXyj4OU2p8GbH4hL3qpAPD7wIeH7YycUF5OeuR0Qmq6JMQgN 7L6zUE7teqJLl/s1/St96yJ7wSqBOll10DSgqbsnUzr17C7wJiIBVubAiRJPmLNw f/zKmgP/0uW1e0WOdX4hALHdIqe6rJBBLRb40CQ7+QyHVPKsvUsEqsi/dWkQ1lHG z/4rMMSOXVYMOZFojEIHFGo6ajj1ZughADJRA4IjIWwYRovu9oNxYrUDrhveAR73 pMSXJGYelWOjor4uvei7EMZK2Nyp0BABlN/GsHvIw4QqAN7HGRhluGJnbUecZVbu N8CNTLyE81zOummmRvQmXhzGZryE9kfsqZ/I8+4cH393o1juSsM= =jxO9 -----END PGP SIGNATURE-----
|
|
|
|