Описание
Security update for xmltooling
This update for xmltooling fixes the following issues:
- CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD (bsc#1075975)
Список пакетов
SUSE Linux Enterprise Server 12 SP2
libxmltooling6-1.5.6-3.3.2
xmltooling-schemas-1.5.6-3.3.2
SUSE Linux Enterprise Server 12 SP3
libxmltooling6-1.5.6-3.3.2
xmltooling-schemas-1.5.6-3.3.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libxmltooling6-1.5.6-3.3.2
xmltooling-schemas-1.5.6-3.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libxmltooling6-1.5.6-3.3.2
xmltooling-schemas-1.5.6-3.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libxmltooling6-1.5.6-3.3.2
xmltooling-schemas-1.5.6-3.3.2
SUSE Linux Enterprise Software Development Kit 12 SP2
libxmltooling-devel-1.5.6-3.3.2
SUSE Linux Enterprise Software Development Kit 12 SP3
libxmltooling-devel-1.5.6-3.3.2
Ссылки
- Link for SUSE-SU-2018:0140-1
- E-Mail link for SUSE-SU-2018:0140-1
- SUSE Security Ratings
- SUSE Bug 1075975
- SUSE CVE CVE-2018-0486 page
Описание
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:libxmltooling6-1.5.6-3.3.2
SUSE Linux Enterprise Server 12 SP2:xmltooling-schemas-1.5.6-3.3.2
SUSE Linux Enterprise Server 12 SP3:libxmltooling6-1.5.6-3.3.2
SUSE Linux Enterprise Server 12 SP3:xmltooling-schemas-1.5.6-3.3.2
Ссылки
- CVE-2018-0486
- SUSE Bug 1075975
- SUSE Bug 1083247