DSA-1947-1 shibboleth-sp, shibboleth-sp2, opensaml2 -- missing input sanitisingID: oval:org.secpod.oval:def:600326 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs. For the stable distribution , this problem has been fixed in version 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2 of shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2. For the unstable distribution , this problem has been fixed in version 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and version 1.3.1-1 of xmltooling. We recommend that you upgrade your Shibboleth packages.
Platform: |
Debian 5.0 |
Debian 4.0 |
Product: |
shibboleth-sp |
shibboleth-sp2 |
opensaml2 |