"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1895-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
October 09, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : opensaml2, shibboleth-sp2
Vulnerability : interpretation conflict
Problem type : remote
Debian-specific: no
Debian Bugs : 549936
In DSA-1895-1, the xmltooling package was updated to address several
security issues. It turns out that the change related to SAML
metadata processing for key constraints caused problems when applied
without the matching changes in the opensaml2 and shibboleth-sp2
packages.
For the stable distribution (lenny), this problem has been fixed in
version 2.0-2+lenny1 of the opensaml2 packages, and version
2.0.dfsg1-4+lenny1 of the shibboleth-sp2 packages.
We recommend that you upgrade your opensaml2 and shibboleth-sp2
packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny1.dsc
Size/MD5 checksum: 1671 6aa8c0c382f42d56da0d02a8dac190f1
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0.orig.tar.gz
Size/MD5 checksum: 705058 85968f3c72cb789b11c9d01209e4d46b
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny1.dsc
Size/MD5 checksum: 1449 5c628a5dd4614555953e410a78009298
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny1.diff.gz
Size/MD5 checksum: 14500 df59094fab5f3714e6ce67b298d9fbf3
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1.orig.tar.gz
Size/MD5 checksum: 726871 836fccbf614fc8edfc1fdbefcf0ba489
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny1.diff.gz
Size/MD5 checksum: 6582 2c4fe0169aa897da269107fe43727965
Architecture independent packages:
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-schemas_2.0-2+lenny1_all.deb
Size/MD5 checksum: 22936 3524f5c9de24e6dd6ce655099534a5ec
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-doc_2.0.dfsg1-4+lenny1_all.deb
Size/MD5 checksum: 216996 38cac8e6036637aa770ba325ae3ea83b
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.0.dfsg1-4+lenny1_all.deb
Size/MD5 checksum: 15144 eb73f6bbbdcc8152f7f29b78a7855282
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-doc_2.0-2+lenny1_all.deb
Size/MD5 checksum: 320978 8f55a5e0788336b563241aa9787e4f19
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_alpha.deb
Size/MD5 checksum: 30830 56a3df9d8f29260549dc1b0ad30c6c73
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_alpha.deb
Size/MD5 checksum: 935782 bc072664522bf99d89c9e59b7ee5795a
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_alpha.deb
Size/MD5 checksum: 44900 d077afefbc80465fda7d6e667edaafe0
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_alpha.deb
Size/MD5 checksum: 240726 71c5d7f685d8bad8af9f6ff5cb87c664
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_alpha.deb
Size/MD5 checksum: 1274606 31de8f52a00560f1d20944c80bbf0d22
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_alpha.deb
Size/MD5 checksum: 39718 fa0a1060a3f753708acab07e93b65a87
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_amd64.deb
Size/MD5 checksum: 28296 41e3a07a37cd11363659bc7023d8177c
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_amd64.deb
Size/MD5 checksum: 1191192 50e10dd708890b191da818107c3f096d
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_amd64.deb
Size/MD5 checksum: 39652 ccaf41767ce12ea968ca6576fce2823c
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_amd64.deb
Size/MD5 checksum: 837168 39d5089edf6211e96882f2ae4588b6a8
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_amd64.deb
Size/MD5 checksum: 228302 ce589d6fb8521b93ab5b9fef89378037
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_amd64.deb
Size/MD5 checksum: 44682 a4d2f8e45f3f661e96d7313bac7656a4
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_arm.deb
Size/MD5 checksum: 44896 17ea3c69e9d21e0759e3109c0175913c
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_arm.deb
Size/MD5 checksum: 941464 188e5856c70f4d8e08de03e0d91ce366
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_arm.deb
Size/MD5 checksum: 27094 750261b1f04d9e16ce9bbd861059cd96
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_arm.deb
Size/MD5 checksum: 39952 3221a4f083df6236921972158f491d9c
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_arm.deb
Size/MD5 checksum: 1163622 5369ed1621f18fb85d4703832ad5f231
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_arm.deb
Size/MD5 checksum: 231604 0e3dc0417fd70c9e6bb5f6aee63c4f0a
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_armel.deb
Size/MD5 checksum: 765524 3c3b71c126d50bf4883fd58869f2a133
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_armel.deb
Size/MD5 checksum: 207720 e5220cdc47fd5e5e4bc5602a7e2d99dc
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_armel.deb
Size/MD5 checksum: 24600 ce97a126c129ed4d0c30e2f490a2eab7
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_armel.deb
Size/MD5 checksum: 1035706 771d54bf77b72c49154fc7f7be1cb6ba
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_armel.deb
Size/MD5 checksum: 44926 030d1eec0ef851c4b41ab4ddf52cd6a0
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_armel.deb
Size/MD5 checksum: 39846 c38394855f48998098bf6a8c0bdc5a62
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_hppa.deb
Size/MD5 checksum: 44546 49c45b474566ca66a0bbb064f70b36c9
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_hppa.deb
Size/MD5 checksum: 29280 d1128630e5184f1be48732a592f0e111
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_hppa.deb
Size/MD5 checksum: 251416 2127a441e9ddbd4436c71e979ac4d6cd
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_hppa.deb
Size/MD5 checksum: 1021120 0b5895841efc534a288c2b0f9f0d44f1
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_hppa.deb
Size/MD5 checksum: 40474 8b92606081de571a55fc9ed1db334607
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_hppa.deb
Size/MD5 checksum: 1389712 1689c625e8c87f48f22410a418d12126
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_i386.deb
Size/MD5 checksum: 222978 f8908475a24de500f9aa1f11fd75bb6c
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_i386.deb
Size/MD5 checksum: 826468 1301ae230768c43c463a7fa085e847d8
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_i386.deb
Size/MD5 checksum: 27144 df2b8fc5a60848b3a54192a0be6d3f35
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_i386.deb
Size/MD5 checksum: 40514 2f8cb186b21f2660a63d40e4bb3b128d
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_i386.deb
Size/MD5 checksum: 1083130 63ea9161789ff202276eaecd54613bb6
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_i386.deb
Size/MD5 checksum: 44708 9d6f997e516acd7dfc2a4576d0d701db
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_ia64.deb
Size/MD5 checksum: 33370 7bcfb306d217b6abb2cb09f0b72a84b1
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_ia64.deb
Size/MD5 checksum: 1134276 50b44e8348d63ee5ea77fb9755370c43
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_ia64.deb
Size/MD5 checksum: 272016 a15dac0c0201ff9509af73ad9b9c48dd
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_ia64.deb
Size/MD5 checksum: 1490790 053ada6c14ef2b4cd7825f6d1139b2b5
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_ia64.deb
Size/MD5 checksum: 39634 9f415c71ced4c28061c3588aa035a139
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_ia64.deb
Size/MD5 checksum: 44668 dd7968be9dd0703a18ee9fd43ce57387
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_mips.deb
Size/MD5 checksum: 1193346 1958fed6138b6b3a224c77b6bc87fab5
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_mips.deb
Size/MD5 checksum: 215050 cfaa6dca8ab996395eec8ba9bffd9eab
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_mips.deb
Size/MD5 checksum: 26546 f4d7e06fb0ab64138011d2ebcdc33f60
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_mips.deb
Size/MD5 checksum: 773074 f9bd74b9ac18785a26fc0fdd25a1941a
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_mips.deb
Size/MD5 checksum: 39660 1e624a5658850a00698a6959b3494adb
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_mips.deb
Size/MD5 checksum: 44690 f0ced9e82160529de6a33dd5be9fa706
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_mipsel.deb
Size/MD5 checksum: 39662 50463c8b0b7a37ebba173f5aa5272dbe
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_mipsel.deb
Size/MD5 checksum: 44690 3c60f54d3d252b8fbfc1fc8758af3fe5
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_mipsel.deb
Size/MD5 checksum: 213566 5f5bf808bc84bafdbb930efeb9c84faf
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_mipsel.deb
Size/MD5 checksum: 1089608 f8e4496360adacf0459a4cc922a1bf7d
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_mipsel.deb
Size/MD5 checksum: 26414 c69addcb8a7a0d43f6a097dce6d9e17a
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_mipsel.deb
Size/MD5 checksum: 763756 b2452b82015e3829bf0a09ab787bb4af
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_powerpc.deb
Size/MD5 checksum: 44688 d5a2832f8f12694d2e2ab69d4bd9a115
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_powerpc.deb
Size/MD5 checksum: 882708 3b3056c8a0443aa4975946e1dc9405b8
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_powerpc.deb
Size/MD5 checksum: 39660 b1adc0e456e0d1293a35ef0622f81747
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_powerpc.deb
Size/MD5 checksum: 31266 c0f82be8e04402e7cccca76baad27f2f
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_powerpc.deb
Size/MD5 checksum: 1289772 eb1e6a3713d3da339ff938fbe92b9740
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_powerpc.deb
Size/MD5 checksum: 244556 05b5597ead8759f29d5123521bc077e6
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_s390.deb
Size/MD5 checksum: 39636 6daa58c84e48127842d9d10df99ea650
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_s390.deb
Size/MD5 checksum: 44670 ede9b5074a594b9d7862656fb9bc2d54
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_s390.deb
Size/MD5 checksum: 28102 21006123a481c07598bbda9c28910242
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_s390.deb
Size/MD5 checksum: 842940 00b7331d1d43657db0153270ee48b608
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_s390.deb
Size/MD5 checksum: 228976 c3cd3436628fbfc54c5e81b64337fd5c
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_s390.deb
Size/MD5 checksum: 1232786 e6bfb07496f8a784c7c14ccddb13bcb0
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny1_sparc.deb
Size/MD5 checksum: 44786 8fe9aaf8edf3376f542c588f943efe38
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny1_sparc.deb
Size/MD5 checksum: 1344028 3476df618788100bef4f94c60c1d11e1
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny1_sparc.deb
Size/MD5 checksum: 217634 e4303df657ea167c9b739ff806630988
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny1_sparc.deb
Size/MD5 checksum: 40194 c5e11badb02698b274c997f021ae2034
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny1_sparc.deb
Size/MD5 checksum: 27242 322badc2e57d276e7b1526d92139a40e
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny1_sparc.deb
Size/MD5 checksum: 1005082 2f6018d031659572bbb3d257b9d5e47d
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJKz4hLAAoJEL97/wQC1SS+FlUH/2V1Q2nxLcghbyYqrfC061Hw
jQMJ/rY9LVxiUNOiagt+fansus3zW2sA/2UMKiSCcNX6NNC8rexXyL9ul1KxKrgq
JF+15JuhgcEAvAZYc8IQuqlLS31i2v+/+GwflSlMMvWww3GziRGeEoSRia//6aNk
rrcPQ1+bGtQEjhfmkT0iFEPdPLGg+Y9w1xz2uFj56SSWKFsxDEuPpPvSYFx24quG
1AmQYsKAclRxjNa9FNrj4bl52fPKh9CWSJwpg4K/uxEdapGqwUYlK3APbuKI9QkY
oa9TUPxIUMk6ZQCK7ICcVDgdykc1d/bJFERTkPO2mEHMri6EkdxiBAQ37fP4/Zo=
=yIuX
-----END PGP SIGNATURE-----
"
DSA 1898-1: New openswan packages fix denial of serviceRihanna saved millions on new home
This entry was posted
on 1:10 PM
.
Archives
-
▼
2009
(488)
-
▼
October
(44)
- DSA 1915-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:1529-01 Moderate: samba security update
- USN-850-2: poppler regression
- GLSA 200910-03 Adobe Reader: Multiple vulnerabili...
- DSA 1919-1: New smarty packages fix several vulner...
- DSA 1917-1: New mimetex packages fix several vulne...
- DSA 1912-2: New advi packages fix arbitrary code e...
- GLSA 200910-02 Pidgin: Multiple vulnerabilities
- USN-850-1: poppler vulnerabilities
- RHSA-2009:1522-01 Moderate: kernel security and bu...
- RHSA-2009:1512-01 Important: kdegraphics security ...
- DSA 1912-1: New camlimages fix arbitrary code exec...
- DSA 1913-1: New bugzilla packages fix SQL injection
- DSA 1911-1: New pygresql packages provide secure e...
- RHSA-2009:1499-01 Critical: acroread security update
- RHSA-2009:1501-01 Important: xpdf security update
- USN-848-1: Zope vulnerabilities
- RHSA-2009:1503-01 Important: gpdf security update
- RHSA-2009:1505-01 Moderate: java-1.4.2-ibm securit...
- RHSA-2009:1504-01 Important: poppler security and ...
- DSA 1910-1: New mysql-ocaml packages provide secur...
- USN-849-1: libsndfile vulnerabilities
- RHSA-2009:1502-01 Important: kdegraphics security ...
- RHSA-2009:1513-01 Moderate: cups security update
- USN-847-1: Devscripts vulnerability
- DSA 1895-2: New opensaml2 and shibboleth-sp2 packa...
- DSA 1906-1: End-of-life announcement for clamav in...
- USN-846-1: ICU vulnerability
- USN-845-1: Pan vulnerability
- RHSA-2009:1484-01 Moderate: postgresql security up...
- USN-843-1: BackupPC vulnerability
- USN-842-1: Wget vulnerability
- USN-841-1: GLib vulnerability
- DSA 1902-1: New elinks packages fix arbitrary code...
- DSA 1899-1: New strongswan packages fix denial of ...
- DSA 1901-1: New mediawiki1.7 packages fix several ...
- RHSA-2009:1471-01 Important: elinks security update
- USN-839-1: Samba vulnerabilities
- DSA 1898-1: New openswan packages fix denial of se...
- RHSA-2009:1470-01 Moderate: openssh security update
- USN-838-1: Dovecot vulnerabilities
- RHSA-2009:1472-01 Moderate: xen security and bug f...
- RHSA-2009:1469-01 Important: kernel security update
- RHSA-2009:1455-01 Moderate: kernel security and bu...
-
▼
October
(44)