Advisories » MGASA-2015-0148

Updated shibboleth-sp packages fix CVE-2015-2684

Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2684

Description

Updated shibboleth-sp package fixes security vulnerability:

A denial of service vulnerability was found in the Shibboleth Service
Provider. When processing certain malformed SAML message generated by an
authenticated attacker, the daemon could crash (CVE-2015-2684).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15556
• https://shibboleth.net/community/advisories/secadv_20150319.txt
• https://www.debian.org/security/2015/dsa-3207
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2684

SRPMS

4/core

• shibboleth-sp-2.5.3-1.1.mga4