[SECURITY] [DLA 1179-1] shibboleth-sp2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1179-1] shibboleth-sp2 security update
From: Markus Koschany <apo@debian.org>
Date: Sat, 18 Nov 2017 21:24:33 +0100
Message-id: <[🔎] f3a54af2-b11b-3d9c-3317-a05064d67e43@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : shibboleth-sp2
Version        : 2.4.3+dfsg-5+deb7u2
CVE ID         : CVE-2017-16852
Debian Bug     : 881857

Rod Widdowson of Steading System Software LLP discovered a coding error
in the "Dynamic" metadata plugin of the Shibboleth Service Provider,
causing the plugin to fail configuring itself with the filters provided
and omitting whatever checks they are intended to perform.

For Debian 7 "Wheezy", these problems have been fixed in version
2.4.3+dfsg-5+deb7u2.

We recommend that you upgrade your shibboleth-sp2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloQlwFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeS3rhAAi+3YKeOwLu7PY+WdyTM9Zuhrz3hPilYnTaNK60gfgSrVpNXOc/m3OZi8
KvGwnLkCVQQfaz4nnEJIpHjcJiyI7lIJ+wrbewVxGzFOtwd741egP6qie0pnL6ge
ZZhxCms/hNNEi0aaF2EI/RpDuJvOSThABFTYDMVQqq2Puve2bSncGk7RZGifIQ+0
pr1IwVkK0yC6j/2wiOb2WJSWGoELXRYTI+tUpxAUPljGc1CH0ptfz2j/cI9jlgK/
LwCLnA2o7uuXpPMM+IfDgBL1Eb2hNEptACsW79Ce1r9acqYB2TxvNJ6ZfYg3Wx9N
6iIPF4WoH3JBKjuXMHZBfJncfn7X6u3phKuR80EVPX4jOuzYJVh0b+hS1vRfneVW
TJAZrx/wxtIMljUOteeFznrkdb0wWXb5+1E1zPs/qgP3AGiy9x3RyQpIqi0aN+LI
X/tQYZFqYYvWwxQvYgLTmagIMnyJJucNmELOcWXHo8bKrZxPm3VeDi8a2IvldcCg
iCTv8nvdg6UrlBoPbxQDW+v/vruRy066Dt3HTLeuKS9GeLjeVNKvod8KO0TkH2E6
EG575wP6EWbcbsJaMvcck0CipaZGXYi0rJS9M+HM2YiKlTm31qZstgzKLJbsYXb8
11c71PB2qR7/SyYMfwZbd63JbAabImmZjp9hinQs2N0z+NbEQ5Y=
=2i/M
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1178-1] opensaml2 security update
Next by Date: [SECURITY] [DLA 1180-1] libspring-ldap-java security update
Previous by thread: [SECURITY] [DLA 1178-1] opensaml2 security update
Next by thread: [SECURITY] [DLA 1180-1] libspring-ldap-java security update
Index(es):
- Date
- Thread