Security update for xmltooling
This update for xmltooling fixes the following issues:
- CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital
signatures of user attribute data, which allows remote attackers to obtain
sensitive information or conduct impersonation attacks via a crafted DTD
(bsc#1075975)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
-
Submitted by
Kristyna Streitova (kstreitova)
Fixed bugs
bnc#1075975
VUL-0: CVE-2018-0486: xmltooling: Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Providerbefore 2.6.0 on Windows and other products, mishandles digital signatures ofuser attribute data
