Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-259-1 shibboleth-sp2

Debian Security Advisory

DLA-259-1 shibboleth-sp2 -- LTS security update

Date Reported:

30 Jun 2015

Affected Packages:

shibboleth-sp2

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-2684.

More information:

A denial of service vulnerability was found in the Shibboleth (an federated identity framework) Service Provider. When processing certain malformed SAML message generated by an authenticated attacker, the daemon could crash.

For the Debian 6 Squeeze distribution, this problem has been fixed in version 2.3.1+dfsg-5+deb6u1.

We recommend that you upgrade your shibboleth-sp2 packages.