Ubuntu
opensaml2 package

Security advisory for Shibboleth SP2 - need to move to v2.6.0

Bug #1636590 reported by PiersHarding
30
This bug affects 6 people
Affects Status Importance Assigned to Milestone
opensaml2 (Ubuntu)
Confirmed
Undecided
Unassigned
shibboleth-sp2 (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Hi -

I have been trying to get the package build working for shibboleth-sp2 against Xenial 16.04 so that I can use version 2.6.0 which is the only vulnerability free version available according to https://wiki.shibboleth.net/confluence/display/SHIB2/SecurityAdvisories.

I ran into a few problems with this but managed to fumble my way through it - notes here: https://answers.launchpad.net/ubuntu/+source/shibboleth-sp2/+question/403424

However, it would be great if we could have an official build for this.

Thanks,
Piers Harding.

CVE References

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shibboleth-sp2 (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor)
Changed in opensaml2 (Ubuntu):
status: New → Confirmed
Revision history for this message
Kraig Hufstedler (kraigh) wrote :

I would also like to request this update, we're on 14.04 and based on this security advisory from Shibboleth, need to update Shibboleth to 2.6: https://shibboleth.net/community/advisories/secadv_20171115.txt

Revision history for this message
Guy Halse (ghalse) wrote :

FWIW the Swiss federation operator (SWITCHaai) maintains a repository with up-to-date versions of Shibboleth SP for trusty, precise, and xenial: http://pkg.switch.ch/switchaai/

Revision history for this message
PiersHarding (piersharding) wrote :

Hi Guy - thanks for this.
Cheers,
Piers.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.