Описание
Security update for shibboleth-sp
This update for shibboleth-sp fixes the following issues:
Security issue fixed:
- CVE-2017-16852: Fix critical security checks in the Dynamic MetadataProvider plugin in Shibboleth Service (bsc#1068689).
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Список пакетов
openSUSE Leap 42.2
libshibsp-lite6-2.5.5-9.2
libshibsp6-2.5.5-9.2
shibboleth-sp-2.5.5-9.2
shibboleth-sp-devel-2.5.5-9.2
openSUSE Leap 42.3
libshibsp-lite6-2.5.5-9.2
libshibsp6-2.5.5-9.2
shibboleth-sp-2.5.5-9.2
shibboleth-sp-devel-2.5.5-9.2
Ссылки
- E-Mail link for openSUSE-SU-2017:3229-1
- SUSE Security Ratings
Описание
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
Затронутые продукты
openSUSE Leap 42.2:libshibsp-lite6-2.5.5-9.2
openSUSE Leap 42.2:libshibsp6-2.5.5-9.2
openSUSE Leap 42.2:shibboleth-sp-2.5.5-9.2
openSUSE Leap 42.2:shibboleth-sp-devel-2.5.5-9.2
Ссылки
- CVE-2017-16852
- SUSE Bug 1068689