Описание
Security update for xmltooling
This update for xmltooling fixes the following issues:
- CVE-2023-36661: Fix server-side request forgery vulnerability (bsc#1212359)
Список пакетов
SUSE Enterprise Storage 7.1
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Linux Enterprise Real Time 15 SP3
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Manager Proxy 4.2
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
SUSE Manager Server 4.2
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
openSUSE Leap 15.4
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
openSUSE Leap 15.5
libxmltooling-devel-3.1.0-150300.3.3.1
libxmltooling-lite9-3.1.0-150300.3.3.1
libxmltooling9-3.1.0-150300.3.3.1
xmltooling-schemas-3.1.0-150300.3.3.1
Ссылки
- Link for SUSE-SU-2023:3089-1
- E-Mail link for SUSE-SU-2023:3089-1
- SUSE Security Ratings
- SUSE Bug 1212359
- SUSE CVE CVE-2023-36661 page
Описание
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
Затронутые продукты
SUSE Enterprise Storage 7.1:libxmltooling-devel-3.1.0-150300.3.3.1
SUSE Enterprise Storage 7.1:libxmltooling-lite9-3.1.0-150300.3.3.1
SUSE Enterprise Storage 7.1:libxmltooling9-3.1.0-150300.3.3.1
SUSE Enterprise Storage 7.1:xmltooling-schemas-3.1.0-150300.3.3.1
Ссылки
- CVE-2023-36661
- SUSE Bug 1212359