
it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4630-1] python-pysaml2 security update

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4630-1] python-pysaml2 security update
  • Date: Fri, 21 Feb 2020 20:21:24 +0000
  • List-archive: https://lists.debian.org/msgid-search/20200221202124.lbre6igqyf23ewwg AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 21 Feb 2020 20:21:40 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <2LyigtoaIyJ.A.9L.UvDUeB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4630-1                 security AT debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
February 21, 2020                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-pysaml2
CVE ID         : CVE-2020-5390

It was discovered that pysaml2, a Python implementation of SAML to be
used in a WSGI environment, was susceptible to XML signature wrapping
attacks, which could result in a bypass of signature verification.

For the oldstable distribution (stretch), this problem has been fixed
in version 3.0.0-5+deb9u1.

For the stable distribution (buster), this problem has been fixed in
version 5.4.1-2+deb10u1.

We recommend that you upgrade your python-pysaml2 packages.

For the detailed security status of python-pysaml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-pysaml2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
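
Added example (not part of the advisory or of Debian's tooling): a Python check that compares an installed python-pysaml2 package version against the fixed versions listed in the advisory, using a reimplementation of Debian's version ordering. The function names and the sample version strings in the comments are assumptions made for this illustration.

```python
import re

# Fixed versions stated in DSA-4630-1, keyed by Debian release codename.
FIXED = {"stretch": "3.0.0-5+deb9u1", "buster": "5.4.1-2+deb10u1"}


def _order(c):
    # Debian ordering of non-digit characters: '~' sorts before everything
    # (even end of string), letters sort before other symbols.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256


def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs of two version parts.
    while a or b:
        pa, pb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for i in range(max(len(pa), len(pb))):
            diff = _order(pa[i:i + 1]) - _order(pb[i:i + 1])
            if diff:
                return diff
        a, b = a[len(pa):], b[len(pb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        a, b = a[len(da):], b[len(db):]
    return 0


def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision


def compare_versions(v1, v2):
    """Negative if v1 < v2, zero if equal, positive if v1 > v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)


def is_fixed(release, installed):
    """True if the installed version is at or above the fix for that release."""
    # Constructed sample inputs: is_fixed("buster", "5.4.1-2")
    return compare_versions(installed, FIXED[release]) >= 0
```

Only stretch and buster are covered, because those are the releases the advisory names; any other codename raises a KeyError.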


