SUSE-SU-2023:2766-1

Опубликовано: 03 июл. 2023

Источник: suse-cvrf

Описание

Security update for xmltooling

This update for xmltooling fixes the following issues:

CVE-2023-36661: Fixed a server-side-request-forgery (SSRF) vulnerability (bsc#1212359).

Список пакетов

openSUSE Leap 15.4

libxmltooling7-1.6.4-150000.3.10.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232766-1/
Link for SUSE-SU-2023:2766-1
https://lists.suse.com/pipermail/sle-security-updates/2023-July/015407.html
E-Mail link for SUSE-SU-2023:2766-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1212359
SUSE Bug 1212359
https://www.suse.com/security/cve/CVE-2023-36661/
SUSE CVE CVE-2023-36661 page

Описание

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

Затронутые продукты

openSUSE Leap 15.4:libxmltooling7-1.6.4-150000.3.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-36661.html
CVE-2023-36661
https://bugzilla.suse.com/1212359
SUSE Bug 1212359

SUSE-SU-2023:2766-1

Описание

Список пакетов

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-36661

Описание

Затронутые продукты

Ссылки