SUSE CVE-2017-16852

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

SUSE CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

SUSE-SU-2017:3234-1 Security update for opensaml

This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks bsc1068685...

Debian DSA-4038-1 : shibboleth-sp2 - security update

Rod Widdowson of Steading System Software LLP discovered a coding error in the 'Dynamic' metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. See...

[SECURITY] [DSA 4038-1] shibboleth-sp2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4038-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 16, 2017 https://www.debian.org/security/faq -...

CVE-2017-16852

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

UBUNTU-CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

CVE-2017-16852

Removed by vendor...

FreeBSD : shibboleth2-sp -- 'Dynamic' metadata provider plugin issue (b4b7ec7d-ca27-11e7-a12d-6cc21735f730)

The Internet2 community reports : The Shibboleth Service Provider software includes a MetadataProvider plugin with the plugin type 'Dynamic' to obtain metadata on demand from a query server, in place of the more typical mode of downloading aggregates separately containing all of the metadata to...

Debian: Security Advisory (DSA-4038-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...