[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2009:1428-01 -- Redhat xmlsec1

ID: oval:org.secpod.oval:def:500582Date: (C)2012-01-31   (M)2023-11-09
Class: PATCHFamily: unix




The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated . A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. Users of xmlsec1 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect.

Platform:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Product:
xmlsec1
Reference:
RHSA-2009:1428-01
CVE-2009-0217
CVE    1
CVE-2009-0217
CPE    3
cpe:/o:redhat:enterprise_linux:5
cpe:/o:redhat:enterprise_linux:4
cpe:/a:aleksey:xmlsec1

© SecPod Technologies