Security update for xmltooling
This update for xmltooling fixes the following issues:
- CVE-2018-0489: Fixed a security bug when xmltooling mishandled digital
signatures of user data, which allows remote attackers to obtain
sensitive information or conduct impersonation attacks via crafted
XML data. NOTE: this issue exists because of an incomplete fix for
CVE-2018-0486. (bsc#1083247)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
- Submitted by Kristyna Streitova (kstreitova)
Fixed bugs
bnc#1083247
VUL-0: CVE-2018-0489: xmltooling: Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Providerbefore 2.6.1.4 on Windows and other products, mishandles digital signatures ofuser data, which allows remote attackers to obtain