CVE-2013-2153

Published: 20 August 2013

The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."

Priority

Status

Package	Release	Status
xml-security-c Launchpad, Ubuntu, Debian	lucid	Released (1.5.1-3+squeeze2build0.10.04.1)
	precise	Released (1.6.1-1ubuntu0.1)
	quantal	Released (1.6.1-6~build0.12.10.1)
	raring	Released (1.6.1-6~build0.13.04.1)
	upstream	Released (1.6.1-6)
	Patches: vendor: http://www.debian.org/security/2013/dsa-2710

References

https://www.cve.org/CVERecord?id=CVE-2013-2153
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/bugs/1192874

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›