Update to xml-security 1.4.3 to fix CVE-2009-0217
Bug #416802 reported by Thierry Carrez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libxml-security-java (Ubuntu) | Fix Released | High | Thierry Carrez |
Bug Description
Binary package hint: libxml-
Apache XML Security (Java) is affected by the vulnerability published in
US-Cert VU #466161. See: http://
information. This bug can allow an attacker to bypass authentication by
inserting/modifying a small HMAC truncation length parameter in the XML
Signature HMAC based SignatureMethod algorithms.
Upgrading to 1.4.3 will fix this.
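An added example, not part of the bug report or of Apache XML Security: a check run before signature verification that rejects HMAC `SignatureMethod` elements whose `HMACOutputLength` is too small. The floor used (at least 80 bits and at least half the hash output) is the bound from the W3C XML Signature revision issued for this vulnerability, taken here as an assumption because the report does not state it; the function names and the sample document are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# HMAC SignatureMethod URIs mapped to the underlying hash name.
HMAC_ALGS = {
    DS + "hmac-sha1": "sha1",
    MORE + "hmac-sha256": "sha256",
    MORE + "hmac-sha384": "sha384",
    MORE + "hmac-sha512": "sha512",
}

def min_output_bits(hash_name):
    """Assumed floor: at least 80 bits and at least half the hash output."""
    return max(80, hashlib.new(hash_name).digest_size * 8 // 2)

def check_signature_methods(xml_text):
    """Return (algorithm, declared_length, reason) for each rejected HMAC method."""
    rejected = []
    for sm in ET.fromstring(xml_text).iter("{%s}SignatureMethod" % DS):
        alg = sm.get("Algorithm", "")
        if alg not in HMAC_ALGS:
            continue  # not an HMAC-based SignatureMethod
        node = sm.find("{%s}HMACOutputLength" % DS)
        if node is None:
            continue  # no truncation requested: full-length HMAC is compared
        text = (node.text or "").strip()
        floor = min_output_bits(HMAC_ALGS[alg])
        if not (text.isascii() and text.isdigit()):
            rejected.append((alg, text, "not a non-negative integer"))
        elif int(text) < floor:
            rejected.append((alg, text, "below minimum of %d bits" % floor))
    return rejected

# Constructed sample, trimmed to the elements the check reads.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
    <HMACOutputLength>%s</HMACOutputLength>
  </SignatureMethod></SignedInfo></Signature>"""

if __name__ == "__main__":
    for declared in ("8", "80", "-1"):
        print(declared, check_signature_methods(SAMPLE % declared))
```

A verifier that honours a declared length of 8 compares a single byte of the HMAC, which is why the parameter has to be validated before any comparison takes place.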
Changed in libxml-security-java (Ubuntu):
assignee: nobody → Thierry Carrez (ttx)
importance: Undecided → High
status: New → Triaged
This bug was fixed in the package libxml-security-java - 1.4.3-0ubuntu1
---------------
libxml-security-java (1.4.3-0ubuntu1) karmic; urgency=low
* New upstream release, fixes CVE-2009-0217 (LP: #416802)
* debian/build.xml: target 1.4 code to be java2-compatible
-- Thierry Carrez <email address hidden> Fri, 21 Aug 2009 10:34:59 +0200