44 matches found
[SECURITY] [DSA 4630-1] python-pysaml2 security update
Debian Security Advisory DSA-4630-1 | https://www.debian.org/security/ | Moritz Muehlenhoff | February 21, 2020 | https://www.debian.org/security/faq ...
DSA-4630-1 python-pysaml2 - security update
CVE-2020-5390
A verification flaw was found in python-pysaml2, where it did not check that the signature in a SAML document was enveloped, which enabled XML signature wrapping (XSW) attacks. A remote attacker could exploit this flaw to convince SAML processing to verify the signature and accept malicious data...
Ubuntu: Security Advisory (USN-4245-1)
The remote host is missing an update for the...
SUSE-SU-2019:2671-1 Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer
This update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer fixes the following issues: In python-pysaml2 the followin...
Ubuntu: Security Advisory (USN-3520-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-3402-1)
The remote host is missing an update for the...
Debian: Security Advisory (DLA-1410-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 1410-1] python-pysaml2 security update
Package : python-pysaml2
Version : 2.0.0-1+deb8u2
CVE ID : CVE-2017-1000433
Debian Bug : 886423
Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without...
DLA-1410-1 python-pysaml2 - security update
USN-3520-1: PySAML2 vulnerability
It was discovered that PySAML2 incorrectly accepted any password when run with Python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password...
USN-3402-1 python-pysaml2 vulnerability
It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files...
Moderate: Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update
An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
python-pysaml2: Entity expansion issue
An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...
python-pysaml2: Entity expansion issue
An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...
python-pysaml2: Entity expansion issue
An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...
Moderate: Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update
An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE-SU-2017:0569-1 Security update for python-pysaml2
This update for python-pysaml2 fixes the following issues: - CVE-2016-10127 and CVE-2016-10149: XXE (XML external entity) issues were fixed in python-pysaml2, where external requests to other XML content could be made by parsing XML files using this SAML2 library. (bsc#1019074) To fix this bug, the ne...
python-pysaml2 XML External Entity Injection Vulnerability
python-pysaml2 is an implementation of SAML2 written in Python. An XML external entity injection vulnerability exists in python-pysaml2. An attacker could use this vulnerability to gain access to sensitive information or cause a denial of service...
Debian DSA-3759-1 : python-pysaml2 - security update
Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits...