• [SECURITY] [DSA 4126-1] xmltooling security update

    From Salvatore Bonaccorso@1:229/2 to All on Tue Feb 27 21:40:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4126-1                   [email protected]
    https://www.debian.org/security/                     Salvatore Bonaccorso
    February 27, 2018                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xmltooling
    CVE ID : CVE-2018-0489

    Kelby Ludwig and Scott Cantor discovered that the Shibboleth service
    provider is vulnerable to impersonation attacks and information
    disclosure due to incorrect XML parsing. For additional details please
    refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.txt

    For the oldstable distribution (jessie), this problem has been fixed
    in version 1.5.3-2+deb8u3.

    For the stable distribution (stretch), this problem has been fixed in
    version 1.6.0-4+deb9u1.

    We recommend that you upgrade your xmltooling packages.

    For the detailed security status of xmltooling please refer to its
    security tracker page at: https://security-tracker.debian.org/tracker/xmltooling

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----
