CVE-2013-2155
Publication date 20 August 2013
Last updated 24 July 2024
Ubuntu priority
Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.
Status
Package | Ubuntu Release | Status |
---|---|---|
xml-security-c | 13.04 raring |
Fixed 1.6.1-6~build0.13.04.1
|
12.10 quantal |
Fixed 1.6.1-6~build0.12.10.1
|
|
12.04 LTS precise |
Fixed 1.6.1-1ubuntu0.1
|
|
10.04 LTS lucid |
Fixed 1.5.1-3+squeeze2build0.10.04.1
|
Patch details
Package | Patch details |
---|---|
xml-security-c |