-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmflOb8FAwAAAAAACgkQ8pSCVQZYHyiR
fQ//a2sHmyWnYG17svApnhKPIX9DrxcEaddGRXaRxAWol4XhHDXLWpzdDhPnZYtzXnZ+wAtBg6rd
HaGpPvRvxN0E2zPh8yxLJKs/cwi1ycZYo9lGa1fgQf5/m6pf2gZ6OlTh0v1AHjyuwm8kiPJvUvpc
cPBYlMmg3fz71GhSHlVV62kAhiergC17hhnXgLdkUQm7nAfjKCv/2RI+VLxYFFIhg08joL+HGlta
tpFoW9Xo2eaHDctVlpAhjPGhFw0aTShAf0LLvB1O4YINlT9cx7W+7/Agjlpzn/Nr+d4878wnO8+X
hXU/U0ZkMUVUymRrTdEv7sgVRf08SGpIEq9ooU9i3tTfpxRSNNLqY0OMWhLd3h4mgI9lAeZU+lZe
Ax7uhEC2azPzPGhWFGniG6dd47OhSSsx2J1nvsa9ORiYPgjXA/9FK3lD5vIFMcDDnuCJbgsUZ9Q1
DaIBLHElKJeMIju0z0+ZEapMz9QJDq0J96Q1WrB2sXQKU3MUbj6S4o2Nq8ejaJ8AOGAe5HlG9F9X
zMBtKm+EX/EPmxKIviA28N7bz1BZIkSQ+gno3f3az1Vz7ubBRHpEm5wxy+qw1ITfNJv33Nfw00oM
qkxeokhvbMHRtEXwI/rU1Umpa9ba2kt1W9VMJnqW/HtRKgaokSRf1PjRHtgy7MHsJLuuMNcBqZRs
Sro=
=Zqh/
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7364-1
March 21, 2025
opensaml vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
OpenSAML and OpenSAML2 could have their authentication systems bypassed.
Software Description:
- opensaml: Security Assertion Markup Language library (development)
- opensaml2: Security Assertion Markup Language library (development)
Details:
Alexander Tan discovered that the OpenSAML C++ library was susceptible to
forging of signed SAML messages. An attacker could possibly use this issue
to gain unauthorized access to a system and manipulate sensitive
information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libsaml-dev 3.2.1-4.1ubuntu0.24.10.1
libsaml12t64 3.2.1-4.1ubuntu0.24.10.1
opensaml-schemas 3.2.1-4.1ubuntu0.24.10.1
opensaml-tools 3.2.1-4.1ubuntu0.24.10.1
Ubuntu 24.04 LTS
libsaml-dev 3.2.1-4.1ubuntu0.24.04.1
libsaml12t64 3.2.1-4.1ubuntu0.24.04.1
opensaml-schemas 3.2.1-4.1ubuntu0.24.04.1
opensaml-tools 3.2.1-4.1ubuntu0.24.04.1
Ubuntu 22.04 LTS
libsaml-dev 3.2.1-1ubuntu0.1
libsaml12 3.2.1-1ubuntu0.1
opensaml-schemas 3.2.1-1ubuntu0.1
opensaml-tools 3.2.1-1ubuntu0.1
Ubuntu 20.04 LTS
libsaml-dev 3.0.1-1ubuntu0.1
libsaml10 3.0.1-1ubuntu0.1
opensaml-schemas 3.0.1-1ubuntu0.1
opensaml-tools 3.0.1-1ubuntu0.1
Ubuntu 18.04 LTS
libsaml2-dev 2.6.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libsaml9 2.6.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
opensaml2-schemas 2.6.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
opensaml2-tools 2.6.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libsaml2-dev 2.5.5-1ubuntu0.1+esm1
Available with Ubuntu Pro
libsaml8v5 2.5.5-1ubuntu0.1+esm1
Available with Ubuntu Pro
opensaml2-schemas 2.5.5-1ubuntu0.1+esm1
Available with Ubuntu Pro
opensaml2-tools 2.5.5-1ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7364-1
https://launchpad.net/bugs/2103420
Package Information:
https://launchpad.net/ubuntu/+source/opensaml/3.2.1-4.1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/opensaml/3.2.1-4.1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/opensaml/3.2.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/opensaml/3.0.1-1ubuntu0.1
No comments:
Post a Comment