Article Source Debian Security Advisories
September 27, 2009, 5:00 pm
Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x:
- Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution).
- Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks.
- Incorrect processing of SAML metadata ignored key usage constraints…
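
The embedded-NUL item above belongs to a general class of name-matching bug, shown here as an added example that is not taken from the advisory and is not opensaml or shibboleth-sp code. The function names and the sample name are constructed for illustration, and case folding is left out to keep the comparison in view.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a certificate name as stored in its ASN.1 string,
 * a byte buffer with an explicit length. The NUL is part of the name. */
static const unsigned char SAMPLE_NAME[] = "sp.example.org\0.other.example";
#define SAMPLE_NAME_LEN (sizeof(SAMPLE_NAME) - 1)

/* Flawed: treats the name as a C string, so the comparison stops at the
 * first NUL and never sees the rest of the name. Assumes the buffer has a
 * trailing NUL, as the literals used here do. */
int name_matches_cstring(const unsigned char *name, size_t len,
                         const char *expected)
{
    (void)len; /* the real length is ignored, which is the defect */
    return strcmp((const char *)name, expected) == 0;
}

/* Hardened: compares the full length-delimited value and rejects any
 * name that contains a NUL byte. */
int name_matches_strict(const unsigned char *name, size_t len,
                        const char *expected)
{
    if (name == NULL || expected == NULL)
        return 0;
    if (memchr(name, '\0', len) != NULL)
        return 0; /* embedded NUL: never a valid host name */
    if (len != strlen(expected))
        return 0;
    return memcmp(name, expected, len) == 0;
}

int main(void)
{
    const char *expected = "sp.example.org";
    printf("cstring compare: %d\n",
           name_matches_cstring(SAMPLE_NAME, SAMPLE_NAME_LEN, expected));
    printf("strict compare:  %d\n",
           name_matches_strict(SAMPLE_NAME, SAMPLE_NAME_LEN, expected));
    return 0;
}
```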