Описание
Security update for xmltooling
This update for xmltooling fixes the following issues:
- CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD (bsc#1075975)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Список пакетов
openSUSE Leap 42.2
libxmltooling-devel-1.5.6-6.1
libxmltooling6-1.5.6-6.1
xmltooling-1.5.6-6.1
xmltooling-schemas-1.5.6-6.1
openSUSE Leap 42.3
libxmltooling-devel-1.5.6-6.1
libxmltooling6-1.5.6-6.1
xmltooling-1.5.6-6.1
xmltooling-schemas-1.5.6-6.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0158-1
- SUSE Security Ratings
Описание
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Затронутые продукты
openSUSE Leap 42.2:libxmltooling-devel-1.5.6-6.1
openSUSE Leap 42.2:libxmltooling6-1.5.6-6.1
openSUSE Leap 42.2:xmltooling-1.5.6-6.1
openSUSE Leap 42.2:xmltooling-schemas-1.5.6-6.1
Ссылки
- CVE-2018-0486
- SUSE Bug 1075975
- SUSE Bug 1083247