drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in shibboleth-sp
| Name: |
Denial of Service in shibboleth-sp |
|
| ID: |
DSA-4905-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian buster |
|
| Datum: |
Di, 27. April 2021, 22:34 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31826 |
|
| Applikationen: |
Shibboleth |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4905-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : shibboleth-sp
CVE ID : CVE-2021-31826
Debian Bug : 987608
It was discovered that the Shibboleth Service Provider is prone to a
NULL pointer dereference flaw in the cookie-based session recovery
feature. A remote, unauthenticated attacker can take advantage of this
flaw to cause a denial of service (crash in the shibd daemon/service).
For additional information please refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20210426.txt
For the stable distribution (buster), this problem has been fixed in
version 3.0.4+dfsg1-1+deb10u2.
We recommend that you upgrade your shibboleth-sp packages.
For the detailed security status of shibboleth-sp please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/shibboleth-sp
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCIaIxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S0iQ//VkszUO5UbekCO98GIDta1UUehBqCDKeEjaQFkmJzcKAQ4yup6j6o552T
ksPbARkYM7/nEzKr+Sme4u9pBuKqiP/Ph3uXo6LyzcJWyoFrE+DMIlfSJfeIuvHb
rmKhE9tS1odbFUw6iBtb5ywPkTqxMMiGXPvly7sRGSCTcyMp5r6c4FmzX9mzUs/f
AJflD/WI+SavQIL57RavqZhMWpLDo7qARcqB4ZVCCoEc2EsamEBZLrU7cs3bh9Pq
j3wVGQANxcks6ycH593pcvEUJyO/ipRxFjFlr6BIq0U5z6hXc2zLTBRlbAY+VJer
kARWc55sA5oHMzSiPXyj4OU2p8GbH4hL3qpAPD7wIeH7YycUF5OeuR0Qmq6JMQgN
7L6zUE7teqJLl/s1/St96yJ7wSqBOll10DSgqbsnUzr17C7wJiIBVubAiRJPmLNw
f/zKmgP/0uW1e0WOdX4hALHdIqe6rJBBLRb40CQ7+QyHVPKsvUsEqsi/dWkQ1lHG
z/4rMMSOXVYMOZFojEIHFGo6ajj1ZughADJRA4IjIWwYRovu9oNxYrUDrhveAR73
pMSXJGYelWOjor4uvei7EMZK2Nyp0BABlN/GsHvIw4QqAN7HGRhluGJnbUecZVbu
N8CNTLyE81zOummmRvQmXhzGZryE9kfsqZ/I8+4cH393o1juSsM=
=jxO9
-----END PGP SIGNATURE-----
|
|
|
|
