DSA-3321-2 opensaml2 -- opensaml2ID: oval:org.secpod.oval:def:602201 | Date: (C)2015-08-28 (M)2023-11-13 |
Class: PATCH | Family: unix |
It was discovered that opensaml2, a Security Assertion Markup Language library, needed to be rebuilt against a fixed version of the xmltooling package due to its use of macros vulnerable to CVE-2015-0851 as fixed in the DSA 3321-1 update. For reference the original advisory text follows. The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service via crafted XML data.
Platform: |
Debian 8.x |
Debian 7.x |
Product: |
libxmltooling-dev |