DSA-1849-1 xml-security-c -- design flawID: oval:org.secpod.oval:def:600497 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. For the old stable distribution , this problem has been fixed in version 1.2.1-3+etch1. For the stable distribution , this problem has been fixed in version 1.4.0-3+lenny2. For the unstable distribution , this problem has been fixed in version 1.4.0-4. We recommend that you upgrade your xml-security-c packages.
Platform: |
Debian 5.0 |
Debian 4.0 |