CVE-2018-0486

Priority
Description
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service
Provider before 2.6.0 on Windows and other products, mishandles digital
signatures of user attribute data, which allows remote attackers to obtain
sensitive information or conduct impersonation attacks via a crafted DTD.
Notes
Package
Upstream:released (1.6.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.5.3-2+deb8u2build0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1.5.6-2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.6.3-1)
More Information

Updated: 2020-01-29 20:01:01 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)