This bug was fixed in the package opensaml2 - 2.3-1ubuntu0.1
---------------
opensaml2 (2.3-1ubuntu0.1) lucid-security; urgency=high

  * SECURITY UPDATE: Fix vulnerability to a "wrapping attack" that could
    allow a remote, unauthenticated attacker to craft messages that can be
    successfully verified but contain arbitrary content. This may allow
    an attacker to subvert the security of software using OpenSAML and
    supply an unauthenticated login identity and data under the guise of a
    trusted issuer. (LP: #817199)
    - Patch obtained from Debian (2.3-2+squeeze1)
    - CVE-2011-1411

 -- Joshua Daniel Franklin <email address hidden>  Thu, 28 Jul 2011 14:50:45 -0700