-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1896-1                  [email protected]
http://www.debian.org/security/                           Florian Weimer
September 28, 2009                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package        : opensaml, shibboleth-sp
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Several vulnerabilities have been discovered in the opensaml and
shibboleth-sp packages, as used by Shibboleth 1.x:
Chris Ries discovered that decoding a crafted URL leads to a crash
(and potentially, arbitrary code execution).
Ian Young discovered that embedded NUL characters in certificate names
were not correctly handled, exposing configurations using PKIX trust
validation to impersonation attacks.
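The NUL-handling issue above is the classic C-string problem: a DER-encoded certificate name carries an explicit length, so a name containing a NUL byte is perfectly legal in the certificate, but any code that hands those bytes to a NUL-terminated string routine compares only the prefix before the NUL. The following added example (written for this page, not code from the advisory or from the Shibboleth or OpenSAML projects) shows the vulnerable comparison beside a length-aware one; the expected host name and the sample names are constructed for the demonstration.

```python
# Added example: length-aware matching of a certificate's host name versus
# the C-string behaviour that the NUL-handling bug in DSA-1896 exposed.

EXPECTED_HOST = "sp.example.org"   # constructed value for the demonstration


def c_string_view(name: bytes) -> str:
    """What a NUL-terminated C routine (strcmp, strlen, printf) sees: the bytes before the first NUL."""
    nul = name.find(b"\x00")
    return (name if nul < 0 else name[:nul]).decode("ascii", "replace")


def name_matches_unsafe(name: bytes, expected: str) -> bool:
    """The vulnerable pattern: compare the truncated C-string view of the name."""
    return c_string_view(name) == expected


def name_matches_safe(name: bytes, expected: str) -> bool:
    """Hardened check: reject embedded NUL outright, then compare the full length-delimited value."""
    if b"\x00" in name:
        return False            # no legitimate DNS name contains a NUL byte
    try:
        decoded = name.decode("ascii")
    except UnicodeDecodeError:
        return False            # dNSName / CN host names are ASCII (internationalised names use punycode)
    # Case-insensitive, ignoring a trailing dot; no wildcard handling in this example.
    return decoded.lower().rstrip(".") == expected.lower().rstrip(".")


def audit(names, expected: str) -> dict:
    """Return {name: (unsafe_verdict, safe_verdict)} so the two checks can be compared side by side."""
    return {n: (name_matches_unsafe(n, expected), name_matches_safe(n, expected)) for n in names}


if __name__ == "__main__":
    # Constructed samples: an honest name, a case/trailing-dot variant, and a name with an embedded NUL.
    samples = [b"sp.example.org", b"SP.Example.ORG.", b"sp.example.org\x00.example.net"]
    for name, (unsafe, safe) in audit(samples, EXPECTED_HOST).items():
        print(f"{name!r:45} unsafe={unsafe!s:5} safe={safe}")
```

The point of the hardened version is not the extra decoding but the unconditional rejection of NUL: once the name is known to be NUL-free, every later C-style consumer in the process sees the same string the validator saw.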
Incorrect processing of SAML metadata ignored key usage constraints.
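The third issue concerns the `use` attribute on a metadata `KeyDescriptor`: a key published for `encryption` only must not be accepted as a signing key, or a party whose encryption key is compromised (or deliberately published) could sign assertions. The added example below (written for this page, not code from the advisory or from OpenSAML) filters certificates by declared usage; it assumes SAML 2.0 metadata syntax, which Shibboleth 1.3 also consumes, and the certificate bodies in the constructed sample are placeholders rather than real certificates.

```python
# Added example: selecting trusted keys from SAML metadata while honouring
# the KeyDescriptor "use" attribute, versus the fixed behaviour of ignoring it.
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata; the X509Certificate bodies are placeholders, not real certificates.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.org/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>CERT-SIGNING-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>CERT-ENCRYPTION-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>CERT-DUAL-USE-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _certs_in(descriptor) -> list:
    """Certificate bodies (whitespace stripped) inside one KeyDescriptor."""
    return [c.text.strip() for c in descriptor.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) if c.text]


def keys_for_use(metadata_xml: str, purpose: str) -> list:
    """Certificates allowed for `purpose`: those whose use matches, plus those with no use (valid for both)."""
    if purpose not in ("signing", "encryption"):
        raise ValueError("purpose must be 'signing' or 'encryption'")
    root = ET.fromstring(metadata_xml)
    allowed = []
    for kd in root.iter(f"{{{MD_NS}}}KeyDescriptor"):
        use = kd.get("use")
        if use is None or use == purpose:
            allowed.extend(_certs_in(kd))
    return allowed


def keys_ignoring_use(metadata_xml: str) -> list:
    """The behaviour this advisory fixes: every key in the metadata accepted for any purpose."""
    root = ET.fromstring(metadata_xml)
    return [c for kd in root.iter(f"{{{MD_NS}}}KeyDescriptor") for c in _certs_in(kd)]


def is_trusted_signing_cert(metadata_xml: str, cert_body: str) -> bool:
    """Gate for signature verification: accept a certificate only if metadata permits it for signing."""
    return cert_body.strip() in keys_for_use(metadata_xml, "signing")


if __name__ == "__main__":
    print("signing keys   :", keys_for_use(SAMPLE_METADATA, "signing"))
    print("encryption keys:", keys_for_use(SAMPLE_METADATA, "encryption"))
    print("all keys       :", keys_ignoring_use(SAMPLE_METADATA))
```

Note that an absent `use` attribute legitimately means "both", so the filter must keep such keys; the defect the advisory describes is the opposite case, where a key explicitly restricted to `encryption` is still accepted for signature verification.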
For the old stable distribution (etch), these problems have been fixed
in version 1.3f.dfsg1-2+etch1 of the shibboleth-sp packages, and
version 1.1a-2+etch1 of the opensaml packages.
For the stable distribution (lenny), these problems have been fixed in
version 1.3.1.dfsg1-3+lenny1 of the shibboleth-sp packages, and
version 1.1.1-2+lenny1 of the opensaml packages.
The unstable distribution (sid) does not contain Shibboleth 1.x
packages.
This update requires restarting the affected services (mainly Apache)
to become effective.
We recommend that you upgrade your Shibboleth 1.x packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
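When installing a downloaded .deb by hand rather than through apt, the "Size/MD5 checksum" lines published with each file are the only integrity check available, and they carry weight only because the advisory as a whole is PGP-signed. The added example below (written for this page, not a Debian tool) parses those lines into a manifest and verifies a local file's size and digest against it before anything is passed to `dpkg -i`; the excerpt embedded in the block is copied from this advisory's etch section, and the `verify_file` path handling is an assumption about where the download was saved.

```python
# Added example: verify a manually downloaded package against the advisory's
# "Size/MD5 checksum" lines before installing it.
import hashlib
import os
import re

# Two URL/checksum pairs copied verbatim from the etch section of this advisory.
ADVISORY_EXCERPT = """\
http://security.debian.org/pool/updates/main/o/opensaml/opensaml-schemas_1.1a-2+etch1_all.deb
Size/MD5 checksum: 18224 7c7bfa1ccfb3546ca93dd5d9d5c4e063
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_amd64.deb
Size/MD5 checksum: 78030 e7e69e0033e89524cbf8ba25634023ae
"""

CHECKSUM_RE = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})\s*$")


def parse_manifest(text: str) -> dict:
    """Map each file name (last path element of the URL) to (size_in_bytes, md5_hex)."""
    manifest = {}
    pending_url = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("http://", "https://")):
            pending_url = line            # remember the URL; its checksum line follows
            continue
        m = CHECKSUM_RE.match(line)
        if m and pending_url:
            manifest[pending_url.rsplit("/", 1)[-1]] = (int(m.group(1)), m.group(2).lower())
            pending_url = None
    return manifest


def verify_bytes(data: bytes, size: int, md5_hex: str) -> bool:
    """True only if both the length and the MD5 digest match the advisory's values."""
    if len(data) != size:
        return False                       # cheap check first; a truncated download fails here
    return hashlib.md5(data).hexdigest() == md5_hex.lower()


def verify_file(path: str, manifest: dict) -> bool:
    """Verify a downloaded file by its base name; unknown files are an error, not a silent pass."""
    name = os.path.basename(path)
    if name not in manifest:
        raise KeyError(f"{name} is not listed in the advisory manifest")
    with open(path, "rb") as fh:
        data = fh.read()
    return verify_bytes(data, *manifest[name])


if __name__ == "__main__":
    manifest = parse_manifest(ADVISORY_EXCERPT)
    for name, (size, digest) in manifest.items():
        print(f"{name}: {size} bytes, md5 {digest}")
    # Assumed download location; run dpkg -i only when this prints True.
    candidate = "/tmp/opensaml-schemas_1.1a-2+etch1_all.deb"
    if os.path.exists(candidate):
        print(candidate, "verified:", verify_file(candidate, manifest))
```

MD5 is no longer collision-resistant, so the digest here detects corruption and substitution of an unrelated file rather than a deliberately engineered collision; the signed advisory plus the size check is what the scheme relies on, and apt's signed Release files are the preferred path where available.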
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1.orig.tar.gz
Size/MD5 checksum: 731365 7aba8f84ff20013dea55a4a34306791a
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch1.diff.gz
Size/MD5 checksum: 33253 3bd951730a7e805ef8b436f785f3cd0f
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1a.orig.tar.gz
Size/MD5 checksum: 431727 e50f19dc742bdb6669f823f76f9ced12
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1a-2+etch1.dsc
Size/MD5 checksum: 774 22bd6bcc0595e9ae32b141121bbc10f7
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch1.dsc
Size/MD5 checksum: 956 dc51ee8bc956d49960ec5c9566cba5c4
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1a-2+etch1.diff.gz
Size/MD5 checksum: 11333 485ae33e08081e21c2b882f2052a86be
Architecture independent packages:
http://security.debian.org/pool/updates/main/o/opensaml/opensaml-schemas_1.1a-2+etch1_all.deb
Size/MD5 checksum: 18224 7c7bfa1ccfb3546ca93dd5d9d5c4e063
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_alpha.deb
Size/MD5 checksum: 4213748 163d12435a9d2aeb6ab04881505e2516
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_alpha.deb
Size/MD5 checksum: 81534 f7edfe0e99da4333235ba81a985fb8bf
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_alpha.deb
Size/MD5 checksum: 696796 dbb83c6cc8940ea882d8607a36ade762
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_alpha.deb
Size/MD5 checksum: 598238 cb8f286ce0602a99dcc5fa3458bf327f
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_alpha.deb
Size/MD5 checksum: 266878 a87d8d1658c82a1896b31f8e1df7b42c
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_alpha.deb
Size/MD5 checksum: 216822 262f2ab64eea644f32080482aca89011
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_amd64.deb
Size/MD5 checksum: 254730 540965288e3c18644b73581a7d038836
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_amd64.deb
Size/MD5 checksum: 457632 33e4e01a715453122313f4933e8aae91
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_amd64.deb
Size/MD5 checksum: 199936 e94b92835ce264bdca4e54f82bb76ff7
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_amd64.deb
Size/MD5 checksum: 4010366 b59b88fcb41352ce912c7f44955f775b
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_amd64.deb
Size/MD5 checksum: 78030 e7e69e0033e89524cbf8ba25634023ae
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_amd64.deb
Size/MD5 checksum: 532752 894ac4d6adf5703e943e3cb1b1072b92
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_arm.deb
Size/MD5 checksum: 3777528 9989b00c8326f222256f8f46a65c74b8
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_arm.deb
Size/MD5 checksum: 77196 60c2bc0ab8b4f5034abb6c21e33c7aaa
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_arm.deb
Size/MD5 checksum: 223042 d33d8562da6ae3720d1d6aa02a1823c9
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_arm.deb
Size/MD5 checksum: 514478 95f2761ef51692c6a1d6b2c519ffba91
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_arm.deb
Size/MD5 checksum: 463620 879e3626c904d7198f03049234d46946
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_arm.deb
[continued in next message]