Debian Security Advisory 4630-1

Debian Security Advisory 4630-1: Posted Feb 28, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4630-1 - It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.; tags | advisory, python; systems | linux, debian; advisories | CVE-2020-5390; SHA-256 | b455e7a7fba61ee1881640cfb2163c846bf832ec6b79543bd174a3815adaea48; Download | Favorite | View

Debian Security Advisory 4630-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4630-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 21, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-pysaml2
CVE ID         : CVE-2020-5390

It was discovered that pysaml2, a Python implementation of SAML to be
used in a WSGI environment, was susceptible to XML signature wrapping
attacks, which could result in a bypass of signature verification.

For the oldstable distribution (stretch), this problem has been fixed
in version 3.0.0-5+deb9u1.

For the stable distribution (buster), this problem has been fixed in
version 5.4.1-2+deb10u1.

We recommend that you upgrade your python-pysaml2 packages.

For the detailed security status of python-pysaml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-pysaml2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5QOy0ACgkQEMKTtsN8
TjatdhAAhFF5yji3kWNPKqsij0i4/Beyf5dw4oh0+muu4C2xrr5vWrJBMoCBqeBz
oeIxvRgl43MBJGJ2K+VzgAsJ7g7s1TswbZS0HsjVi9AwjcGxuiZGsskre1Bn7dwN
0bx8LIRwv5LMufLgbViSnAp1qWhbk4bdhg8bTrTjXcFr/bAvpQJ7XnNpqH3x3vWM
ihAwlld7tKYObnqDIwFnZJJsoRhKSoR8NNCed/O9aWk2VaBPj7OCu1OuF8RInQ32
1bwdu45c9icdgFzgubyslp4U7fLb2Nv2DyfsjUWnRcBmkvs4mrjJfSPkKIFNS5iX
rJijuQoR1vw6yDPj9NV/cvARRyrmaqCNE76x26htG01udi231rtb8jVh+bwCk3J4
L9ChJnSjmpMOVq/7ZUD8vDRa8qJTXhYPAzG2XfF/IMbYPNWgvUyiCDDf7IbxHcDO
XsJVaFe4JwPSEK03hBgJvhvcM35b7qiFqXAj1aEkvSYTGjVQPXgaqfjZcoiaubUV
fMTHNMBKvbf3BD8OyiE+1xHSZt1oxuYvyifFqBdgL6t86iAAAyCoR264/kkPUcig
+j7C4v6u/B8mpHMgMjpuepRi8vpkFNXQvYR8K8ndbqG6QdXNhcBthpxeCUok8ceC
3KED212MniccV2cc2E8jINLlZStyQCVO6hYTWGxfn8LuKhDjkLM=
=bGnX
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 222 files
Ubuntu 58 files
Debian 28 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 6 files
Milad Karimi 5 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,023)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,346)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,586)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,464)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 4630-1

Debian Security Advisory 4630-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4630-1

Share This

Debian Security Advisory 4630-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems