Debian Security Advisory
DSA-2284-1 opensaml2 -- implementation error
- Date Reported: 25 Jul 2011
- Affected Packages: opensaml2
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2011-1411.
- More information:
Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system, is vulnerable to XML signature wrapping attacks. More details can be found in the Shibboleth advisory.
For the oldstable distribution (lenny), this problem has been fixed in version 2.0-2+lenny3.
For the stable distribution (squeeze), this problem has been fixed in version 2.3-2+squeeze1.
For the unstable distribution (sid), this problem will be fixed soon.