Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="7915">
  <issue id="1083247" tracker="bnc">VUL-0: CVE-2018-0489: xmltooling: Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Providerbefore 2.6.1.4 on Windows and other products, mishandles digital signatures ofuser data, which allows remote attackers to obtain</issue>
  <issue id="2018-0489" tracker="cve" />
  <issue id="2018-0486" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>kstreitova</packager>
  <description>This update for xmltooling fixes the following issues:

- CVE-2018-0489: Fixed a security bug when xmltooling mishandled digital
  signatures of user data, which allows remote attackers to obtain
  sensitive information or conduct impersonation attacks via crafted
  XML data. NOTE: this issue exists because of an incomplete fix for
  CVE-2018-0486. (bsc#1083247)

This update was imported from the SUSE:SLE-12-SP1:Update update project.</description>
  <summary>Security update for xmltooling</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places