CVE-2011-1411
Published: 2 September 2011
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Priority
Status
| Package | Release | Status |
|---|---|---|
|
opensaml Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
opensaml2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.3-1ubuntu0.1)
|
|
| maverick |
Released
(2.3-2+squeeze1build0.10.10.1)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Not vulnerable
(2.4.3-1)
|
|
| precise |
Not vulnerable
(2.4.3-1)
|
|
| quantal |
Not vulnerable
(2.4.3-1)
|
|
| upstream |
Released
(2.4.3-1)
|
|
|
Patches: vendor: http://www.debian.org/security/2011/dsa-2284 |
||