opensaml2 security advisory (CVE-2011-1411)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
opensaml2 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Shibboleth Security Advisory [25 July 2011]
Updated versions of the Shibboleth Project's OpenSAML software in
Java and C++ are available which correct a security issue.
This general issue affects BOTH Identity and Service Provider
deployments, so a single advisory is being issued for both.
For the Identity Provider, this issue is rated as "important". An
unauthenticated remote attacker could leverage the flaw to obtain
unauthorized access to user data under certain circumstances.
For the Service Provider, this issue is rated as "critical", and
allows an unauthenticated remote attacker to access protected
resources.
Deployers should take immediate steps as outlined in this advisory
and apply the relevant update(s) at the soonest possible moment.
Original:
http://
Debian:
http://
For the oldstable distribution (lenny), this problem has been fixed in version 2.0-2+lenny3.
For the stable distribution (squeeze), this problem has been fixed in version 2.3-2+squeeze1.
visibility: private → public
Changed in opensaml2 (Ubuntu):
status: New → Triaged
So, basically please sync opensaml2 in lucid from debian squeeze http://packages.debian.org/source/squeeze/opensaml2