Описание
Security update for xmltooling
This update for xmltooling fixes the following issues:
- CVE-2018-0489: Fixed a security bug when xmltooling mishandled digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. (bsc#1083247)
Список пакетов
SUSE Linux Enterprise Server 12 SP2
libxmltooling6-1.5.6-3.6.1
xmltooling-schemas-1.5.6-3.6.1
SUSE Linux Enterprise Server 12 SP3
libxmltooling6-1.5.6-3.6.1
xmltooling-schemas-1.5.6-3.6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libxmltooling6-1.5.6-3.6.1
xmltooling-schemas-1.5.6-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libxmltooling6-1.5.6-3.6.1
xmltooling-schemas-1.5.6-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libxmltooling6-1.5.6-3.6.1
xmltooling-schemas-1.5.6-3.6.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libxmltooling-devel-1.5.6-3.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libxmltooling-devel-1.5.6-3.6.1
Ссылки
- Link for SUSE-SU-2018:0720-1
- E-Mail link for SUSE-SU-2018:0720-1
- SUSE Security Ratings
- SUSE Bug 1083247
- SUSE CVE CVE-2018-0486 page
- SUSE CVE CVE-2018-0489 page
Описание
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:libxmltooling6-1.5.6-3.6.1
SUSE Linux Enterprise Server 12 SP2:xmltooling-schemas-1.5.6-3.6.1
SUSE Linux Enterprise Server 12 SP3:libxmltooling6-1.5.6-3.6.1
SUSE Linux Enterprise Server 12 SP3:xmltooling-schemas-1.5.6-3.6.1
Ссылки
- CVE-2018-0486
- SUSE Bug 1075975
- SUSE Bug 1083247
Описание
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:libxmltooling6-1.5.6-3.6.1
SUSE Linux Enterprise Server 12 SP2:xmltooling-schemas-1.5.6-3.6.1
SUSE Linux Enterprise Server 12 SP3:libxmltooling6-1.5.6-3.6.1
SUSE Linux Enterprise Server 12 SP3:xmltooling-schemas-1.5.6-3.6.1
Ссылки
- CVE-2018-0489
- SUSE Bug 1083247