CVE-2017-1000433

Priority
Medium
Description
pysaml2 versions 4.4.0 and older accept any password when run with Python
optimizations enabled. This allows attackers to log in as any user without
knowing their password.
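The failure mode described above, as an added example that is not pysaml2 code: it assumes the password check is written as an `assert` statement (the description only says the bug appears with optimizations enabled), and the function names and user table are constructed. `compile(..., optimize=1)` reproduces what `python -O` does to the same source, next to an explicit comparison that is unaffected.

```python
import hmac

USERS = {"alice": "correct horse"}  # constructed sample credential store

# Assumed vulnerable pattern: the credential check lives in an assert.
VULNERABLE_SRC = '''
def verify(users, user, password):
    try:
        assert password == users[user]
    except (AssertionError, KeyError):
        return False
    return True
'''


def load_verify(optimize):
    """Compile the check as the interpreter does without (0) or with (1) -O."""
    namespace = {}
    code = compile(VULNERABLE_SRC, "<vulnerable_check>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace["verify"]


def verify_hardened(users, user, password):
    """Explicit comparison: survives -O and compares in constant time."""
    expected = users.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(password.encode(), expected.encode())


def demo():
    normal = load_verify(optimize=0)
    optimized = load_verify(optimize=1)  # assert statements are stripped
    return {
        "normal_wrong_password": normal(USERS, "alice", "guess"),
        "optimized_wrong_password": optimized(USERS, "alice", "guess"),
        # The stripped assert never evaluates users[user], so no KeyError either.
        "optimized_unknown_user": optimized(USERS, "mallory", "guess"),
        "hardened_wrong_password": verify_hardened(USERS, "alice", "guess"),
        "hardened_right_password": verify_hardened(USERS, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

A deployment check for this class of bug is to search authentication paths for `assert` and to confirm whether services are started with `-O` or `PYTHONOPTIMIZE` set.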
References
Assigned-to
leosilva
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (3.0.0-3ubuntu1.16.04.3)
Ubuntu 17.04 (Zesty Zapus): released (3.0.0-3ubuntu1.17.04.3)
Ubuntu 17.10 (Artful Aardvark): released (3.0.0-3ubuntu2.2)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Patches:
Upstream: https://github.com/rohe/pysaml2/commit/efe27e2f40bf1c35d847f935ba74b4b86aa90fb5
More Information

Updated: 2018-01-08 17:14:18 UTC (commit 13963)