Oval Definition:oval:org.mitre.oval:def:13603
Revision Date:2014-06-23Version:20
Title:DSA-1895-1 xmltooling -- several
Description:Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth: Chris Ries discovered that decoding a crafted URL leads to a crash. Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release. For the stable distribution, these problems have been fixed in version 1.0-2+lenny1. For the unstable distribution, these problems have been fixed in version 1.2.2-1. We recommend that you upgrade your xmltooling packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):DSA-1895-1
Platform(s):Debian GNU/Linux 5.0
Product(s):xmltooling
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • xmltooling-schemas DPKG is earlier than 1.0-2+lenny1
  • OR libxmltooling-doc DPKG is earlier than 1.0-2+lenny1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libxmltooling-dev DPKG is earlier than 1.0-2+lenny1
  • OR libxmltooling1 DPKG is earlier than 1.0-2+lenny1
  • BACK