[SECURITY] [DSA 3207-1] shibboleth-sp2 security update

2015-03-2813:16:06

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

Debian Security Advisory DSA-3207-1 [email protected]
http://www.debian.org/security/ Yves-Alexis Perez
March 28, 2015 http://www.debian.org/security/faq

Package : shibboleth-sp2
CVE ID : CVE-2015-2684

A denial of service vulnerability was found in the Shibboleth (an
federated identity framework) Service Provider. When processing certain
malformed SAML message generated by an authenticated attacker, the
daemon could crash.

For the stable distribution (wheezy), this problem has been fixed in
version 2.4.3+dfsg-5+deb7u1.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 2.5.3+dfsg-2.

For the unstable distribution (sid), this problem has been fixed in
version 2.5.3+dfsg-2.

We recommend that you upgrade your shibboleth-sp2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6i386libapache2-mod-shib2< 2.3.1+dfsg-5+deb6u1libapache2-mod-shib2_2.3.1+dfsg-5+deb6u1_i386.deb
Debian6allshibboleth-sp2< 2.3.1+dfsg-5+deb6u1shibboleth-sp2_2.3.1+dfsg-5+deb6u1_all.deb
Debian7mipsellibshibsp-dev< 2.4.3+dfsg-5+deb7u1libshibsp-dev_2.4.3+dfsg-5+deb7u1_mipsel.deb
Debian7i386libshibsp-dev< 2.4.3+dfsg-5+deb7u1libshibsp-dev_2.4.3+dfsg-5+deb7u1_i386.deb
Debian7armellibapache2-mod-shib2< 2.4.3+dfsg-5+deb7u1libapache2-mod-shib2_2.4.3+dfsg-5+deb7u1_armel.deb
Debian7armhflibshibsp-dev< 2.4.3+dfsg-5+deb7u1libshibsp-dev_2.4.3+dfsg-5+deb7u1_armhf.deb
Debian7sparclibapache2-mod-shib2< 2.4.3+dfsg-5+deb7u1libapache2-mod-shib2_2.4.3+dfsg-5+deb7u1_sparc.deb
Debian7s390libshibsp5< 2.4.3+dfsg-5+deb7u1libshibsp5_2.4.3+dfsg-5+deb7u1_s390.deb
Debian6i386libshibsp-dev< 2.3.1+dfsg-5+deb6u1libshibsp-dev_2.3.1+dfsg-5+deb6u1_i386.deb
Debian7armhflibapache2-mod-shib2< 2.4.3+dfsg-5+deb7u1libapache2-mod-shib2_2.4.3+dfsg-5+deb7u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	i386	libapache2-mod-shib2	< 2.3.1+dfsg-5+deb6u1	libapache2-mod-shib2_2.3.1+dfsg-5+deb6u1_i386.deb
Debian	6	all	shibboleth-sp2	< 2.3.1+dfsg-5+deb6u1	shibboleth-sp2_2.3.1+dfsg-5+deb6u1_all.deb
Debian	7	mipsel	libshibsp-dev	< 2.4.3+dfsg-5+deb7u1	libshibsp-dev_2.4.3+dfsg-5+deb7u1_mipsel.deb
Debian	7	i386	libshibsp-dev	< 2.4.3+dfsg-5+deb7u1	libshibsp-dev_2.4.3+dfsg-5+deb7u1_i386.deb
Debian	7	armel	libapache2-mod-shib2	< 2.4.3+dfsg-5+deb7u1	libapache2-mod-shib2_2.4.3+dfsg-5+deb7u1_armel.deb
Debian	7	armhf	libshibsp-dev	< 2.4.3+dfsg-5+deb7u1	libshibsp-dev_2.4.3+dfsg-5+deb7u1_armhf.deb
Debian	7	sparc	libapache2-mod-shib2	< 2.4.3+dfsg-5+deb7u1	libapache2-mod-shib2_2.4.3+dfsg-5+deb7u1_sparc.deb
Debian	7	s390	libshibsp5	< 2.4.3+dfsg-5+deb7u1	libshibsp5_2.4.3+dfsg-5+deb7u1_s390.deb
Debian	6	i386	libshibsp-dev	< 2.3.1+dfsg-5+deb6u1	libshibsp-dev_2.3.1+dfsg-5+deb6u1_i386.deb
Debian	7	armhf	libapache2-mod-shib2	< 2.4.3+dfsg-5+deb7u1	libapache2-mod-shib2_2.4.3+dfsg-5+deb7u1_armhf.deb