Bugtraq mailing list archives
[SECURITY] [DSA 3207-1] shibboleth-sp2 security update
From: Yves-Alexis Perez <corsac () debian org>
Date: Sat, 28 Mar 2015 14:16:06 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3207-1 security () debian org http://www.debian.org/security/ Yves-Alexis Perez March 28, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : shibboleth-sp2 CVE ID : CVE-2015-2684 A denial of service vulnerability was found in the Shibboleth (an federated identity framework) Service Provider. When processing certain malformed SAML message generated by an authenticated attacker, the daemon could crash. For the stable distribution (wheezy), this problem has been fixed in version 2.4.3+dfsg-5+deb7u1. For the upcoming stable distribution (jessie), this problem has been fixed in version 2.5.3+dfsg-2. For the unstable distribution (sid), this problem has been fixed in version 2.5.3+dfsg-2. We recommend that you upgrade your shibboleth-sp2 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce () lists debian org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCgAGBQJVFqmOAAoJEG3bU/KmdcClj2UH/iUoRWVjf7xGbRpyvgL8QdTR H0MxQHyNXiNRmPi/xtyCj3zLcoI14h8fm3Hggam1qfTY36yFnTi4DPnRIliYWb01 +r3dJua3YN5mALoLgJfCupQ2skktHRGlTImhEfLaSfnvmss8byAvT5CAoJiCySXz ILvO/xurlnFzIuWklBttBurvcBKe1HZth3Caa0rZ+kqWdf/QVKiS1vFL1V/Pivop hCt9i/qLQi5HCALYPF4y0ftpKKWErixYNmNG826pr6tWDVDtG82PuQlvtdPYpKmx s9z6dpQGZwpXErkkMBVsVzQ3JXKPCrWzY3orUANkcGKo0dJqG3rNP5eXAtLXMjw= =xA5Y -----END PGP SIGNATURE-----
Current thread:
- [SECURITY] [DSA 3207-1] shibboleth-sp2 security update Yves-Alexis Perez (Mar 30)