Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Ubuntu: shibboleth-sp Critical Database Exposure USN-5994-1

debian
Calendar Grey September 7, 2025
Debian Logo
The Debian Security Advisory DSA-5994-1 reveals a severe SQL vulnerability in the Shibboleth Service Provider, threatening sensitive data. Adhere to update guidelines for system security
Florian Stuhlmann discovered a SQL vulnerability in the ODBC plugin in the Shibboleth Service Provider which may result in information leak

Summary

For additional information please refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20250903.txt

For the oldstable distribution (bookworm), this problem has been fixed
in version 3.4.1+dfsg-2+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 3.5.0+dfsg-2+deb13u1.

We recommend that you upgrade your shibboleth-sp packages.

For the detailed security status of shibboleth-sp please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/source-package/shibboleth-sp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.