Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:0738-1

Опубликовано: 18 мар. 2018
Источник: suse-cvrf

Описание

Security update for xmltooling

This update for xmltooling fixes the following issues:

  • CVE-2018-0489: Fixed a security bug when xmltooling mishandled digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. (bsc#1083247)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Список пакетов

openSUSE Leap 42.3
libxmltooling-devel-1.5.6-9.1
libxmltooling6-1.5.6-9.1
xmltooling-1.5.6-9.1
xmltooling-schemas-1.5.6-9.1

Ссылки

Описание

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.

Затронутые продукты
openSUSE Leap 42.3:libxmltooling-devel-1.5.6-9.1
openSUSE Leap 42.3:libxmltooling6-1.5.6-9.1
openSUSE Leap 42.3:xmltooling-1.5.6-9.1
openSUSE Leap 42.3:xmltooling-schemas-1.5.6-9.1
Ссылки

Описание

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

Затронутые продукты
openSUSE Leap 42.3:libxmltooling-devel-1.5.6-9.1
openSUSE Leap 42.3:libxmltooling6-1.5.6-9.1
openSUSE Leap 42.3:xmltooling-1.5.6-9.1
openSUSE Leap 42.3:xmltooling-schemas-1.5.6-9.1
Ссылки