- ------------------------------------------------------------------------- Debian Security Advisory DSA-3065-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 06, 2014 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libxml-security-java CVE ID : CVE-2013-2172 Debian Bug : 720375 James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. For the stable distribution (wheezy), this problem has been fixed in version 1.4.5-1+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.5.5-2. For the unstable distribution (sid), this problem has been fixed in version 1.5.5-2. We recommend that you upgrade your libxml-security-java packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian: DSA-3065-1: libxml-security-java security update
November 6, 2014
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicaliza...
Summary
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. For the stable distribution (wheezy), this problem has been fixed in version 1.4.5-1+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.5.5-2. For the unstable distribution (sid), this problem has been fixed in version 1.5.5-2. We recommend that you upgrade your libxml-security-java packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian Security Advisory DSA-3065-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 06, 2014 https://www.debian.org/security/faq
Severity
Package : libxml-security-java
CVE ID : CVE-2013-2172
Debian Bug : 720375
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden’s New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
