Debian Security Advisory
DSA-2284-1 opensaml2 -- implementation error
- Date Reported:
- 25 Jul 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-1411.
- More information:
Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system is vulnerable to XML signature wrapping attacks. More details can be found in the Shibboleth advisory.
For the oldstable distribution (lenny), this problem has been fixed in version 2.0-2+lenny3.
For the stable distribution (squeeze), this problem has been fixed in version 2.3-2+squeeze1.
For the unstable distribution (sid), this problem will be fixed soon.