Debian Security Advisory
DSA-3207-1 shibboleth-sp2 -- security update
- Date Reported: 28 Mar 2015
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2015-2684.
- More information:
A denial of service vulnerability was found in the Shibboleth (a federated identity framework) Service Provider. When processing a certain malformed SAML message generated by an authenticated attacker, the daemon could crash.
For the stable distribution (wheezy), this problem has been fixed in version 2.4.3+dfsg-5+deb7u1.
For the upcoming stable distribution (jessie), this problem has been fixed in version 2.5.3+dfsg-2.
For the unstable distribution (sid), this problem has been fixed in version 2.5.3+dfsg-2.
We recommend that you upgrade your shibboleth-sp2 packages.