Описание
Security update for xmltooling
This update for xmltooling fixes the following issues:
- CVE-2023-36661: Fixed a server-side-request-forgery (SSRF) vulnerability (bsc#1212359).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libxmltooling6-1.5.6-3.13.1
xmltooling-schemas-1.5.6-3.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libxmltooling6-1.5.6-3.13.1
xmltooling-schemas-1.5.6-3.13.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libxmltooling-devel-1.5.6-3.13.1
Ссылки
- Link for SUSE-SU-2023:2975-1
- E-Mail link for SUSE-SU-2023:2975-1
- SUSE Security Ratings
- SUSE Bug 1212359
- SUSE CVE CVE-2023-36661 page
Описание
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libxmltooling6-1.5.6-3.13.1
SUSE Linux Enterprise Server 12 SP5:xmltooling-schemas-1.5.6-3.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxmltooling6-1.5.6-3.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xmltooling-schemas-1.5.6-3.13.1
Ссылки
- CVE-2023-36661
- SUSE Bug 1212359