Описание
Security update for shibboleth-sp
This update for shibboleth-sp fixes the following issues:
Security issue fixed:
- CVE-2017-16852: Fix critical security checks in the Dynamic MetadataProvider plugin in Shibboleth Service (bsc#1068689).
Список пакетов
SUSE Linux Enterprise Server 12 SP2
libshibsp-lite6-2.5.5-6.3.1
libshibsp6-2.5.5-6.3.1
shibboleth-sp-2.5.5-6.3.1
SUSE Linux Enterprise Server 12 SP3
libshibsp-lite6-2.5.5-6.3.1
libshibsp6-2.5.5-6.3.1
shibboleth-sp-2.5.5-6.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libshibsp-lite6-2.5.5-6.3.1
libshibsp6-2.5.5-6.3.1
shibboleth-sp-2.5.5-6.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libshibsp-lite6-2.5.5-6.3.1
libshibsp6-2.5.5-6.3.1
shibboleth-sp-2.5.5-6.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libshibsp-lite6-2.5.5-6.3.1
libshibsp6-2.5.5-6.3.1
shibboleth-sp-2.5.5-6.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
shibboleth-sp-devel-2.5.5-6.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
shibboleth-sp-devel-2.5.5-6.3.1
Ссылки
- Link for SUSE-SU-2017:3215-1
- E-Mail link for SUSE-SU-2017:3215-1
- SUSE Security Ratings
- SUSE Bug 1068689
- SUSE CVE CVE-2017-16852 page
Описание
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:libshibsp-lite6-2.5.5-6.3.1
SUSE Linux Enterprise Server 12 SP2:libshibsp6-2.5.5-6.3.1
SUSE Linux Enterprise Server 12 SP2:shibboleth-sp-2.5.5-6.3.1
SUSE Linux Enterprise Server 12 SP3:libshibsp-lite6-2.5.5-6.3.1
Ссылки
- CVE-2017-16852
- SUSE Bug 1068689