Discover Government News

MGASA-2022-0481 - Updated sogo packages fix security vulnerability

Publication date: 30 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0481.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-33054

Missing SAML signature validation in the SOGo groupware could result in
impersonation attacks. (CVE-2021-33054)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29255
- https://www.debian.org/lts/security/2021/dla-2707
- https://www.debian.org/security/2021/dsa-5029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33054

SRPMS:
- 8/core/sogo-5.6.0-1.mga8
- 8/core/sope-5.6.0-1.1.mga8

Mageia 2022-0481: sogo security update

Missing SAML signature validation in the SOGo groupware could result in impersonation attacks

Summary

Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. (CVE-2021-33054)

References

- https://bugs.mageia.org/show_bug.cgi?id=29255

- https://www.debian.org/lts/security/2021/dla-2707

- https://www.debian.org/security/2021/dsa-5029

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33054

Resolution

MGASA-2022-0481 - Updated sogo packages fix security vulnerability

SRPMS

- 8/core/sogo-5.6.0-1.mga8

- 8/core/sope-5.6.0-1.1.mga8

Severity
Publication date: 30 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0481.html
Type: security
CVE: CVE-2021-33054

Related News