Описание
Security update for opensaml
This update for opensaml fixes the following issues:
- CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. (bsc#1239889)
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP6
libsaml-devel-3.1.0-150300.3.3.1
libsaml11-3.1.0-150300.3.3.1
opensaml-schemas-3.1.0-150300.3.3.1
openSUSE Leap 15.6
libsaml-devel-3.1.0-150300.3.3.1
libsaml11-3.1.0-150300.3.3.1
opensaml-bin-3.1.0-150300.3.3.1
opensaml-schemas-3.1.0-150300.3.3.1
Ссылки
- Link for SUSE-SU-2025:1500-1
- E-Mail link for SUSE-SU-2025:1500-1
- SUSE Security Ratings
- SUSE Bug 1239889
- SUSE CVE CVE-2025-31335 page
Описание
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures).
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:libsaml-devel-3.1.0-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:libsaml11-3.1.0-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:opensaml-schemas-3.1.0-150300.3.3.1
openSUSE Leap 15.6:libsaml-devel-3.1.0-150300.3.3.1
Ссылки
- CVE-2025-31335
- SUSE Bug 1239889