Candidate: CVE-2018-0489
PublicDate: 2018-02-27 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0489
 https://shibboleth.net/community/advisories/secadv_20180227.txt
 https://issues.shibboleth.net/jira/browse/CPPXT-128
Description:
 Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service
 Provider before 2.6.1.4 on Windows and other products, mishandles digital
 signatures of user data, which allows remote attackers to obtain sensitive
 information or conduct impersonation attacks via crafted XML data. NOTE:
 this issue exists because of an incomplete fix for CVE-2018-0486.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1752306
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N [6.5 MEDIUM]


Patches_xmltooling:
upstream_xmltooling: released (1.6.4-1)
precise/esm_xmltooling: DNE
trusty_xmltooling: released (1.5.3-2+deb8u3build0.14.04.1)
trusty/esm_xmltooling: DNE (trusty was released [1.5.3-2+deb8u3build0.14.04.1])
xenial_xmltooling: released (1.5.6-2ubuntu0.2)
artful_xmltooling: ignored (reached end-of-life)
bionic_xmltooling: not-affected (1.6.4-1ubuntu2)
devel_xmltooling: not-affected (1.6.4-1ubuntu2)