Security update for opensaml SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:3241-1 Final 1 1 2017-12-08T07:30:06Z current 2017-12-08T07:30:06Z 2017-12-08T07:30:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opensaml This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks (bsc#1068685). This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00019.html E-Mail link for openSUSE-SU-2017:3241-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 libsaml-devel-2.5.5-6.1 libsaml8-2.5.5-6.1 opensaml-2.5.5-6.1 opensaml-bin-2.5.5-6.1 opensaml-schemas-2.5.5-6.1 libsaml-devel-2.5.5-6.1 as a component of openSUSE Leap 42.2 libsaml8-2.5.5-6.1 as a component of openSUSE Leap 42.2 opensaml-2.5.5-6.1 as a component of openSUSE Leap 42.2 opensaml-bin-2.5.5-6.1 as a component of openSUSE Leap 42.2 opensaml-schemas-2.5.5-6.1 as a component of openSUSE Leap 42.2 libsaml-devel-2.5.5-6.1 as a component of openSUSE Leap 42.3 libsaml8-2.5.5-6.1 as a component of openSUSE Leap 42.3 opensaml-2.5.5-6.1 as a component of openSUSE Leap 42.3 opensaml-bin-2.5.5-6.1 as a component of openSUSE Leap 42.3 opensaml-schemas-2.5.5-6.1 as a component of openSUSE Leap 42.3 The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. CVE-2017-16853 openSUSE Leap 42.2:libsaml-devel-2.5.5-6.1 openSUSE Leap 42.2:libsaml8-2.5.5-6.1 openSUSE Leap 42.2:opensaml-2.5.5-6.1 openSUSE Leap 42.2:opensaml-bin-2.5.5-6.1 openSUSE Leap 42.2:opensaml-schemas-2.5.5-6.1 openSUSE Leap 42.3:libsaml-devel-2.5.5-6.1 openSUSE Leap 42.3:libsaml8-2.5.5-6.1 openSUSE Leap 42.3:opensaml-2.5.5-6.1 openSUSE Leap 42.3:opensaml-bin-2.5.5-6.1 openSUSE Leap 42.3:opensaml-schemas-2.5.5-6.1 important 7.1 AV:N/AC:H/Au:N/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00019.html https://www.suse.com/security/cve/CVE-2017-16853.html CVE-2017-16853 https://bugzilla.suse.com/1068685 SUSE Bug 1068685