Debian alert DLA-1410-1 (python-pysaml2)

From:  Markus Koschany <apo@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 1410-1] python-pysaml2 security update
Date:  Sun, 1 Jul 2018 16:51:12 +0200
Message-ID:  <d1aef074-a4e2-3bc7-e4f5-55de0ebd125b@debian.org>

Package        : python-pysaml2
Version        : 2.0.0-1+deb8u2
CVE ID         : CVE-2017-1000433
Debian Bug     : 886423

Pysaml2, a Python implementation of the Security Assertion Markup
Language, would accept any password when run with Python optimizations
enabled. This allows attackers to log in as any user without knowing
their password.

For Debian 8 "Jessie", this issue has been fixed in version
2.0.0-1+deb8u2.

We recommend that you upgrade your python-pysaml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
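
A password check written as an `assert` statement fails in the way the advisory describes, because CPython removes assert statements when run with `-O` or `PYTHONOPTIMIZE`. The following is an added example, not part of the advisory and not pysaml2's code: the function names, the credential store and the `find_asserts` review helper are hypothetical, and it shows the assert-based pattern beside an explicit comparison, each run with and without `-O`.

```python
import ast
import os
import subprocess
import sys

# Constructed demo module (hypothetical names, not pysaml2's code).
SRC = '''
import hmac
PASSWD = {"alice": "correct horse"}  # constructed sample credential

def verify_assert(user, password):
    # Vulnerable pattern: the comparison is an assert statement, which the
    # compiler drops entirely under -O / PYTHONOPTIMIZE.
    try:
        assert password == PASSWD[user]
    except (AssertionError, KeyError):
        return False
    return True

def verify_explicit(user, password):
    # Hardened: ordinary control flow plus a constant-time comparison.
    expected = PASSWD.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(password.encode(), expected.encode())
'''

def check(func, user, password, optimized):
    """Run SRC's `func` in a child interpreter, optionally with -O."""
    env = {k: v for k, v in os.environ.items() if k != "PYTHONOPTIMIZE"}
    cmd = [sys.executable] + (["-O"] if optimized else [])
    cmd += ["-c", SRC + f"\nprint({func}({user!r}, {password!r}))"]
    out = subprocess.run(cmd, env=env, capture_output=True, text=True, check=True)
    return out.stdout.strip() == "True"

def find_asserts(source):
    """Line numbers of assert statements: candidates to review in auth code."""
    tree = ast.parse(source)
    return sorted(n.lineno for n in ast.walk(tree) if isinstance(n, ast.Assert))

if __name__ == "__main__":
    for optimized in (False, True):
        for func in ("verify_assert", "verify_explicit"):
            ok = check(func, "alice", "wrong", optimized)
            print(f"-O={optimized!s:5} {func:15} accepts wrong password: {ok}")
    print("assert statements at lines:", find_asserts(SRC))
```

Only the assert-based check changes its answer under `-O`; because the whole statement is removed, the lookup of the user is skipped as well, so unknown user names are accepted too.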




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds