Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Ubuntu 21.04: 5066-1 Moderate: PySAML2 Signature Validation Issue

ubuntu
Calendar Grey September 8, 2021
Dist Ubuntu Esm H88
A vulnerability in python-pysaml2 permits erroneous SAML documents, impacting Ubuntu versions 21.04, 20.04 LTS, and 18.04 LTS.
PySAML2 could be made to accept invalid SAML documents.

Summary

PySAML2 could be made to accept invalid SAML documents.

Software Description:

- python-pysaml2: Pure python implementation of SAML2

Details:

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic

signatures. A remote attacker could possibly use this issue to alter SAML

documents.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  python3-pysaml2                 6.1.0-0ubuntu1.21.04.1

Ubuntu 20.04 LTS:
  python3-pysaml2                 4.9.0-0ubuntu3.1

Ubuntu 18.04 LTS:
  python-pysaml2                  4.0.2-0ubuntu3.2
  python3-pysaml2                 4.0.2-0ubuntu3.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5066-1

CVE-2021-21239

Severity
important
Lowest
Low
Medium
High
Critical

September 08, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.