Debian: DSA-1895-2: New opensaml2 and shibboleth-sp2 packages fix regression

    Date: 09 Oct 2009
    Category: Debian
    Posted By: LinuxSecurity Advisories
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1895-2
    http://www.debian.org/security/                           Florian Weimer
    October 09, 2009                      http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : opensaml2, shibboleth-sp2
    Vulnerability  : interpretation conflict
    Problem type   : remote
    Debian-specific: no
    Debian Bugs    : 549936
    
    In DSA-1895-1, the xmltooling package was updated to address several
    security issues.  It turns out that the change related to SAML
    metadata processing for key constraints caused problems when applied
    without the matching changes in the opensaml2 and shibboleth-sp2
    packages.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 2.0-2+lenny1 of the opensaml2 packages, and version
    2.0.dfsg1-4+lenny1 of the shibboleth-sp2 packages.
    
    We recommend that you upgrade your opensaml2 and shibboleth-sp2
    packages.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    