
44 matches found

Tenable Nessus
added 2024/11/04 12:0 a.m. | 7 views

RHEL 7 : python-defusedxml and python-pysaml2 (RHSA-2017:0937)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0937 advisory. The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00968
Exploits: 0 | References: 5

Tenable Nessus
added 2024/11/04 12:0 a.m. | 7 views

RHEL 7 : python-defusedxml and python-pysaml2 (RHSA-2017:0936)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0936 advisory. The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00968
Exploits: 0 | References: 5

OSV
added 2024/09/13 12:29 p.m. | 6 views

RHSA-2017:0938 Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update

Bulletin has no description...

CVSS: 5.3 | AI score: 7.5 | EPSS: 0.00968
Exploits: 0 | References: 7

OSV
added 2024/09/13 12:29 p.m. | 7 views

RHSA-2017:0937 Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update

Bulletin has no description...

CVSS: 5.3 | AI score: 7.5 | EPSS: 0.00968
Exploits: 0 | References: 7

OSV
added 2024/09/13 12:29 p.m. | 6 views

RHSA-2017:0936 Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update

Bulletin has no description...

CVSS: 5.3 | AI score: 7.5 | EPSS: 0.00968
Exploits: 0 | References: 7

RedhatCVE
added 2021/09/24 11:12 a.m. | 34 views

CVE-2021-21238

A verification flaw was found in python-pysaml2, where it did not validate signed SAML documents against an XML schema. Because the flaw allowed invalid XML documents to be processed, a network attacker could exploit this flaw by tricking pysaml2 with a wrapped signature. Mitigation Mitigation fo...

CVSS: 6.5 | AI score: 0.6 | EPSS: 0.0014
Exploits: 0 | References: 3

RedhatCVE
added 2021/09/24 11:10 a.m. | 61 views

CVE-2021-21239

A verification flaw was found in python-pysaml2, where it did not ensure that a signed SAML document was correctly signed. The default CryptoBackendXmlSec1 backend uses the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within...

CVSS: 6.5 | AI score: 1.1 | EPSS: 0.0068
Exploits: 3 | References: 3

OpenVAS
added 2021/09/09 12:0 a.m. | 17 views

Ubuntu: Security Advisory (USN-5066-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.0068
Exploits: 3 | References: 2

OSV
added 2021/09/08 11:28 a.m. | 0 views

USN-5066-1 python-pysaml2 vulnerability

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...

CVSS: 6.5 | AI score: 7 | EPSS: 0.0068
Exploits: 3 | References: 2

Tenable Nessus
added 2021/03/01 12:0 a.m. | 106 views

Debian DLA-2577-1 : python-pysaml2 security update

Several issues have been found in python-pysaml2, a pure python implementation of SAML Version 2 Standard. CVE-2017-1000433 pysaml2 accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. CVE-2021-21239 pysaml2 ha...

CVSS: 8.1 | AI score: 6.9 | EPSS: 0.02083
Exploits: 3 | References: 5

OpenVAS
added 2021/02/27 12:0 a.m. | 17 views

Debian: Security Advisory (DLA-2577-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.02083
Exploits: 3 | References: 4

Debian
added 2021/02/26 5:5 a.m. | 227 views

[SECURITY] [DLA 2577-1] python-pysaml2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2577-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA February 26, 2021 https://wiki.debian.org/LTS -...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.02083
Exploits: 3

OSV
added 2021/02/26 12:0 a.m. | 28 views

DLA-2577-1 python-pysaml2 - security update

Bulletin has no description...

CVSS: 8.1 | AI score: 6.9 | EPSS: 0.02083
Exploits: 3

OSV
added 2020/12/21 12:51 p.m. | 9 views

SUSE-SU-2020:3897-1 Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark

This update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila,...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.93745
Exploits: 9 | References: 16

Tenable Nessus
added 2020/02/27 12:0 a.m. | 26 views

Debian DLA-2119-1 : python-pysaml2 security update

It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. For Debian 8 'Jessie', this problem has been fixed in version 2.0.0-1+deb8u3. We recommend...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00763
Exploits: 0 | References: 3

OpenVAS
added 2020/02/27 12:0 a.m. | 38 views

Debian: Security Advisory (DLA-2119-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00763
Exploits: 0 | References: 3

Debian
added 2020/02/26 11:17 a.m. | 51 views

[SECURITY] [DLA 2119-1] python-pysaml2 security update

Package : python-pysaml2 Version : 2.0.0-1+deb8u3 CVE ID : CVE-2020-5390 Debian Bug : 949322 It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verificatio...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00763
Exploits: 0

OSV
added 2020/02/26 12:0 a.m. | 16 views

DLA-2119-1 python-pysaml2 - security update

Bulletin has no description...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00763
Exploits: 0

Tenable Nessus
added 2020/02/24 12:0 a.m. | 23 views

Debian DSA-4630-1 : python-pysaml2 - security update

It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00763
Exploits: 0 | References: 5

OpenVAS
added 2020/02/23 12:0 a.m. | 23 views

Debian: Security Advisory (DSA-4630-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00763
Exploits: 0 | References: 4