lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 16 Nov 2017 21:27:42 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4039-1] opensaml2 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4039-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 16, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : opensaml2
CVE ID         : CVE-2017-16853
Debian Bug     : 881856

Rod Widdowson of Steading System Software LLP discovered a coding error
in the OpenSAML library, causing the DynamicMetadataProvider class to
fail configuring itself with the filters provided and omitting whatever
checks they are intended to perform.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.5.3-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in
version 2.6.0-4+deb9u1.

We recommend that you upgrade your opensaml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAloOASNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RPxA/+NBCSO0BVbyaXwd7dsXr/5gNl9KVTRJhsYKch79VMiagzY7ntzK1wBjLY
MZcrLpGyCjuvRUSmG4i9eM8RaBsBIDYaX/DWYfwqrq0aHDX7M2sdLG2T3EMC0MJj
eTpcdxW+YlPse1g6WiwtcaJOVqnDVveTCE8xwzA2rreFSkdB37dSH29s9BZbKJTZ
ABRj9qgiYIg7ZOgPLdSR2vZ8j+ByyVaAIMPPgp8H1ZkyT1ZN/9WIzrero1/9dmM8
S06pWHG46D7E7nUDDQ4qDZS9Mkl3zB1Gd6ejAq87+J0gmOaFLxGOiic5yPw8vrnD
QNDHXPx1B/Z5qWQgBgZEKECZfatWuudBAiSqNQO35wwVhNNT0Qw2VnjY5shP+ST0
YDJumTUozXTts0h+3Pu4H5JHMT1Q3OklFVHcjbPkPdXDnRE8ZotAYj1PqHrPSY9+
x0KV0w7AOvmemViCbmPLUQZGC4aiodDacqo/2cG8YOjSPD7UjZwkoLxBrC6Cxgy7
53zMsMbws5gwuB8as0bMufFPuiEZ3VE4/nnUPg0U87aYXK52x5FPaIciqqrQLEU0
QsZ8rskzwbsuFKosNvusoZev3X19BtStRRp2AAw7UC2iz/3Faxs6OStEsDofPq6R
z7BdHcU+7F7qP/PcibIRebA8Q/qH30xWdtSMezA9MeojRCbAmOI=
=mgMW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ