[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1947-1 shibboleth-sp, shibboleth-sp2, opensaml2 -- missing input sanitising

ID: oval:org.secpod.oval:def:600326Date: (C)2011-05-13   (M)2022-10-10
Class: PATCHFamily: unix




Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs. For the stable distribution , this problem has been fixed in version 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2 of shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2. For the unstable distribution , this problem has been fixed in version 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and version 1.3.1-1 of xmltooling. We recommend that you upgrade your Shibboleth packages.

Platform:
Debian 5.0
Debian 4.0
Product:
shibboleth-sp
shibboleth-sp2
opensaml2
Reference:
DSA-1947-1
CVE-2009-3300
CVE    1
CVE-2009-3300
CPE    2
cpe:/o:debian:debian_linux:4.x
cpe:/o:debian:debian_linux:5.x

© SecPod Technologies