[Bug 416802] [NEW] Update to xml-security 1.4.3 to fix CVE-2009-0217

Thierry Carrez thierry.carrez at ubuntu.com
Fri Aug 21 06:24:20 UTC 2009


Public bug reported:

Binary package hint: libxml-security-java

Apache XML Security (Java) is affected by the vulnerability published in
US-CERT VU #466161. See: http://www.kb.cert.org/vuls/id/466161 for more
information. This bug can allow an attacker to bypass authentication by
inserting/modifying a small HMAC truncation length parameter in the XML
Signature HMAC-based SignatureMethod algorithms.

Upgrading to 1.4.3 will fix this.

** Affects: libxml-security-java (Ubuntu)
     Importance: High
     Assignee: Thierry Carrez (ttx)
         Status: Triaged

** Changed in: libxml-security-java (Ubuntu)
   Importance: Undecided => High

** Changed in: libxml-security-java (Ubuntu)
       Status: New => Triaged

** Changed in: libxml-security-java (Ubuntu)
     Assignee: (unassigned) => Thierry Carrez (ttx)

-- 
Update to xml-security 1.4.3 to fix CVE-2009-0217
https://bugs.launchpad.net/bugs/416802
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
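
An added example, not part of the original bug report or of Apache XML Security: a Python check that flags HMAC-based SignatureMethod elements whose HMACOutputLength truncation parameter is too small to be trusted. The floor used (the larger of 80 bits and half the digest length) is the minimum the W3C XML Signature specification adopted for this issue, not a value from this report; the function names and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Full digest size in bits for each HMAC SignatureMethod algorithm URI.
HMAC_BITS = {DS + "hmac-sha1": 160, MORE + "hmac-sha256": 256,
             MORE + "hmac-sha384": 384, MORE + "hmac-sha512": 512}


def check_hmac_output_length(xml_text):
    """Return (algorithm, problem) for each unsafe HMAC SignatureMethod."""
    findings = []
    for sm in ET.fromstring(xml_text).iter("{%s}SignatureMethod" % DS):
        alg = sm.get("Algorithm", "")
        if alg not in HMAC_BITS:
            continue  # not an HMAC method; the truncation parameter does not apply
        full = HMAC_BITS[alg]
        floor = max(80, full // 2)  # assumed policy: W3C minimum, see lead-in
        for el in sm.findall("{%s}HMACOutputLength" % DS):
            raw = (el.text or "").strip()
            if not (raw.isascii() and raw.isdigit()):
                findings.append((alg, "HMACOutputLength %r is not a non-negative integer" % raw))
            elif int(raw) < floor:
                findings.append((alg, "HMACOutputLength %s below floor of %d bits" % (raw, floor)))
            elif int(raw) > full:
                findings.append((alg, "HMACOutputLength %s exceeds digest size %d" % (raw, full)))
    return findings


def sample(alg, length=None):
    """Build a constructed, minimal Signature skeleton for demonstration."""
    child = "" if length is None else "<HMACOutputLength>%s</HMACOutputLength>" % length
    return ('<Signature xmlns="%s"><SignedInfo><SignatureMethod Algorithm="%s">%s'
            "</SignatureMethod></SignedInfo></Signature>" % (DS, alg, child))


if __name__ == "__main__":
    for alg, length in [(DS + "hmac-sha1", 0), (DS + "hmac-sha1", 8), (DS + "hmac-sha1", 80),
                        (MORE + "hmac-sha256", 80), (DS + "hmac-sha1", None)]:
        print(length, check_hmac_output_length(sample(alg, length)) or "ok")
```

A verifier should run a check like this before computing the HMAC and treat any finding as a failed signature, since the truncation parameter sits inside attacker-supplied XML.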