UbuntuUpdates.org

Package "shibboleth-sp"

Name: shibboleth-sp

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Federated web single sign-on system (Apache module)
  • transitional package
  • Federated web single sign-on system (development)
  • Federated web single sign-on system (API docs)

Latest version: 3.0.4+dfsg1-1ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "shibboleth-sp" in Focal

Repository Area Version
base universe 3.0.4+dfsg1-1build1
security universe 3.0.4+dfsg1-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.0.4+dfsg1-1ubuntu0.2 2021-07-20 04:06:21 UTC

  shibboleth-sp (3.0.4+dfsg1-1ubuntu0.2) focal-security; urgency=high

  * SECURITY UPDATE: Session recovery feature contains a null pointer
    deference (LP: #1926250)
    - debian/patches/SSPCPP-927-Check-for-missing-DataSealer-during-cookie-
      rec.patch: Check for missing DataSealer during cookie recovery
    - https://shibboleth.net/community/advisories/secadv_20210426.txt
    - https://issues.shibboleth.net/jira/browse/SSPCPP-927
    - CVE-2021-31826

 -- Etienne Dysli Metref <email address hidden> Thu, 10 Jun 2021 11:30:02 +0200

Source diff to previous version
1926250 CVE-2021-31826: Session recovery feature contains a null pointer deference
CVE-2021-31826 Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploita

Version: 3.0.4+dfsg1-1ubuntu0.1 2021-04-22 23:06:19 UTC

  shibboleth-sp (3.0.4+dfsg1-1ubuntu0.1) focal-security; urgency=high

  * SECURITY UPDATE: Fix a phishing vulnerability: Template generation
    allows external parameters to override placeholders (LP: #1919419)
    - debian/patches/SSPCPP-922-Add-externalParameters-option-to-Errors-
      element.patch: Add externalParameters option to Errors element
    - https://shibboleth.net/community/advisories/secadv_20210317.txt
    - https://issues.shibboleth.net/jira/browse/SSPCPP-922
    - CVE-2021-28963

 -- Etienne Dysli Metref <email address hidden> Thu, 18 Mar 2021 12:22:53 +0100

1919419 Phishing vulnerability: Template generation allows external parameters to override placeholders
CVE-2021-28963 Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.



About   -   Send Feedback to @ubuntu_updates