CVE-2018-0486

CVE: CVE-2018-0486
Published: 2018-01-13T18:29Z
Vendor: debian
Products: debian_linux
Versions: 7.0, 8.0, 9.0
Description Language: en
Description: Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
References:
http://www.securitytracker.com/id/1040177
https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html
https://lists.debian.org/debian-security-announce/2018/msg00007.html
https://shibboleth.net/community/advisories/secadv_20180112.txt
https://www.debian.org/security/2018/dsa-4085