[USN-6274-1] XMLTooling vulnerability
ian.constantin at canonical.com
Thu Aug 3 18:47:04 UTC 2023
Ubuntu Security Notice USN-6274-1
August 03, 2023
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
XMLTooling could be made to allow for unintended server side actions
if it received specially crafted input.
- xmltooling: C++ XML parsing library with encryption support
Jurien de Jong discovered that XMLTooling did not properly handle certain
KeyInfo element content within an XML signature. An attacker could possibly
use this issue to achieve server-side request forgery.
The problem can be corrected by updating your system to the following
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
After a standard system update you need to restart the
shibd process to make all the necessary changes.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 665 bytes
Desc: OpenPGP digital signature
More information about the ubuntu-security-announce