Candidate: CVE-2018-0486
PublicDate: 2018-01-13 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0486
 https://shibboleth.net/community/advisories/secadv_20180112.txt
Description:
 Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service
 Provider before 2.6.0 on Windows and other products, mishandles digital
 signatures of user attribute data, which allows remote attackers to obtain
 sensitive information or conduct impersonation attacks via a crafted DTD.
Ubuntu-Description:
Notes:
Bugs:
 https://launchpad.net/bugs/1743762
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N [6.5 MEDIUM]


Patches_xmltooling:
upstream_xmltooling: released (1.6.3)
precise/esm_xmltooling: DNE
trusty_xmltooling: released (1.5.3-2+deb8u2build0.14.04.1)
trusty/esm_xmltooling: DNE (trusty was released [1.5.3-2+deb8u2build0.14.04.1])
xenial_xmltooling: released (1.5.6-2ubuntu0.1)
zesty_xmltooling: ignored (reached end-of-life)
artful_xmltooling: ignored (reached end-of-life)
bionic_xmltooling: not-affected (1.6.3-1)
devel_xmltooling: not-affected (1.6.3-1)