Ubuntu 4925-1: Shibboleth vulnerability

Advisories

==========================================================================
Ubuntu Security Notice USN-4925-1
April 22, 2021

shibboleth-sp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Shibboleth could be made to display malicious content.

Software Description:
- shibboleth-sp: Federated web single sign-on system

Details:

Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service
provider allowed content injection due to allowing attacker-controlled
parameters in error or other status pages. An attacker could use this to
inject malicious content.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libapache2-mod-shib             3.0.4+dfsg1-1ubuntu0.1
  libshibsp-plugins               3.0.4+dfsg1-1ubuntu0.1
  libshibsp8                      3.0.4+dfsg1-1ubuntu0.1
  shibboleth-sp-common            3.0.4+dfsg1-1ubuntu0.1
  shibboleth-sp-utils             3.0.4+dfsg1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4925-1
  CVE-2021-28963

Package Information:
  https://launchpad.net/ubuntu/+source/shibboleth-sp/3.0.4+dfsg1-1ubuntu0.1

Ubuntu 4925-1: Shibboleth vulnerability

April 22, 2021

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Shibboleth could be made to display malicious content. Software Description: - shibboleth-sp: Federated web single sign-on system Details: Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to inject malicious content.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libapache2-mod-shib 3.0.4+dfsg1-1ubuntu0.1 libshibsp-plugins 3.0.4+dfsg1-1ubuntu0.1 libshibsp8 3.0.4+dfsg1-1ubuntu0.1 shibboleth-sp-common 3.0.4+dfsg1-1ubuntu0.1 shibboleth-sp-utils 3.0.4+dfsg1-1ubuntu0.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4925-1

CVE-2021-28963

Severity
Ubuntu Security Notice USN-4925-1

Package Information

https://launchpad.net/ubuntu/+source/shibboleth-sp/3.0.4+dfsg1-1ubuntu0.1

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.