Nome do pacote
xmlsec1
Data
2009-10-10
ID Alerta
MDVSA-2009:267
Versões afetadas
2009.0 x86_64 , MES5 i586 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , 2008.1 x86_64 , 2009.1 x86_64 , MES5 x86_64

Descrição do problema

A vulnerability has been found and corrected in xmlsec1:

A missing check for the recommended minimum length of the truncated
form of HMAC-based XML signatures was found in xmlsec1 prior to
1.2.12. An attacker could use this flaw to create a specially-crafted
XML file that forges an XML signature, allowing the attacker to
bypass authentication that is based on the XML Signature specification
(CVE-2009-0217).

This update fixes this vulnerability.

Pacotes atualizados

2009.0 x86_64

 31c3d20e6b1d34a717772a4e439686c2  2009.0/x86_64/lib64xmlsec1-1-1.2.10-7.1mdv2009.0.x86_64.rpm
 c689e59d577bb5b278789c4118a7618c  2009.0/x86_64/lib64xmlsec1-devel-1.2.10-7.1mdv2009.0.x86_64.rpm
 5b7b2e53969e052865edead9d0f715a7  2009.0/x86_64/lib64xmlsec1-gnutls1-1.2.10-7.1mdv2009.0.x86_64.rpm
 02f857939f5450931ddf524d6d7c2300  2009.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-7.1mdv2009.0.x86_64.rpm
 e16b2b9dd55c9e504fa5102665bda206  2009.0/x86_64/lib64xmlsec1-nss1-1.2.10-7.1mdv2009.0.x86_64.rpm
 91cbad72b3fa2cbc600b9d5bb9dfeef4  2009.0/x86_64/lib64xmlsec1-nss-devel-1.2.10-7.1mdv2009.0.x86_64.rpm
 1a36234cb7159d784965e467c834097b  2009.0/x86_64/lib64xmlsec1-openssl1-1.2.10-7.1mdv2009.0.x86_64.rpm
 ebdc55d7854500a9bf383581a1244263  2009.0/x86_64/lib64xmlsec1-openssl-devel-1.2.10-7.1mdv2009.0.x86_64.rpm
 8e059fd0e03d31b24f051877646a42fa  2009.0/x86_64/xmlsec1-1.2.10-7.1mdv2009.0.x86_64.rpm 
 c2cf86a3ea639e2d1241c8e129141353  2009.0/SRPMS/xmlsec1-1.2.10-7.1mdv2009.0.src.rpm

MES5 i586

 0084106a2bc4b970f0469c23dc30084e  mes5/i586/libxmlsec1-1-1.2.10-7.1mdvmes5.i586.rpm
 569d0ed58642f4eabcd9af1a3cb0402d  mes5/i586/libxmlsec1-devel-1.2.10-7.1mdvmes5.i586.rpm
 9380b3121a2e489cdeff709fab033379  mes5/i586/libxmlsec1-gnutls1-1.2.10-7.1mdvmes5.i586.rpm
 ddf6b63d02850e9e07b2f130a2a2d2e6  mes5/i586/libxmlsec1-gnutls-devel-1.2.10-7.1mdvmes5.i586.rpm
 dbf22baa4022b6d6625fc75b7cbf4bab  mes5/i586/libxmlsec1-nss1-1.2.10-7.1mdvmes5.i586.rpm
 69fd3bebdac3b66b2905c6c7a077a089  mes5/i586/libxmlsec1-nss-devel-1.2.10-7.1mdvmes5.i586.rpm
 6f96e59feee66ecae20270df86aea965  mes5/i586/libxmlsec1-openssl1-1.2.10-7.1mdvmes5.i586.rpm
 3613da5ca1c60d2ea16523804270013d  mes5/i586/libxmlsec1-openssl-devel-1.2.10-7.1mdvmes5.i586.rpm
 6e3742296ac15407bb1012efd48d608d  mes5/i586/xmlsec1-1.2.10-7.1mdvmes5.i586.rpm 
 219a23cc35df25ca711a026647e13e3d  mes5/SRPMS/xmlsec1-1.2.10-7.1mdvmes5.src.rpm

2009.1 i586

 463cbcb0217b1a3b38a8be50ee3f3c54  2009.1/i586/libxmlsec1-1-1.2.10-8.1mdv2009.1.i586.rpm
 720e8f608efb57405b85c887190bd007  2009.1/i586/libxmlsec1-devel-1.2.10-8.1mdv2009.1.i586.rpm
 e56b286a1a9ff2048e4161d1c6750ac7  2009.1/i586/libxmlsec1-gnutls1-1.2.10-8.1mdv2009.1.i586.rpm
 ea3b894c699ed5cb3d250a2815363845  2009.1/i586/libxmlsec1-gnutls-devel-1.2.10-8.1mdv2009.1.i586.rpm
 df6e7309597adeeec626f072ba9b10a1  2009.1/i586/libxmlsec1-nss1-1.2.10-8.1mdv2009.1.i586.rpm
 bd7d8418b77dc58657a3e7b2278fc7bf  2009.1/i586/libxmlsec1-nss-devel-1.2.10-8.1mdv2009.1.i586.rpm
 8f5b2f6b6191af698aef68c4c31b848f  2009.1/i586/libxmlsec1-openssl1-1.2.10-8.1mdv2009.1.i586.rpm
 1f5f51ec2a562a9668508b7e8f1edf79  2009.1/i586/libxmlsec1-openssl-devel-1.2.10-8.1mdv2009.1.i586.rpm
 dda711479dc6ac367a72880900884118  2009.1/i586/xmlsec1-1.2.10-8.1mdv2009.1.i586.rpm 
 b2c8957e3cf68dd729ed999b1a8df4d4  2009.1/SRPMS/xmlsec1-1.2.10-8.1mdv2009.1.src.rpm

2009.0 i586

 aef90b767a2e184dc2a2eec96cf2dd63  2009.0/i586/libxmlsec1-1-1.2.10-7.1mdv2009.0.i586.rpm
 68ab430e0b63ec94f626168812909f5e  2009.0/i586/libxmlsec1-devel-1.2.10-7.1mdv2009.0.i586.rpm
 932558e556911a0247fd96ca9af785d4  2009.0/i586/libxmlsec1-gnutls1-1.2.10-7.1mdv2009.0.i586.rpm
 a58e62c9234f4e3b2f6180b552348940  2009.0/i586/libxmlsec1-gnutls-devel-1.2.10-7.1mdv2009.0.i586.rpm
 d377cfb8e2bc4ec3457d7133b1e35a84  2009.0/i586/libxmlsec1-nss1-1.2.10-7.1mdv2009.0.i586.rpm
 839c04900e607dba7e2431f711191521  2009.0/i586/libxmlsec1-nss-devel-1.2.10-7.1mdv2009.0.i586.rpm
 7359aade4fce3137d90f1c4bca721f1d  2009.0/i586/libxmlsec1-openssl1-1.2.10-7.1mdv2009.0.i586.rpm
 ba579a3d4cd326a1f055ef0943dbee73  2009.0/i586/libxmlsec1-openssl-devel-1.2.10-7.1mdv2009.0.i586.rpm
 82059801976d099e449944998126fda9  2009.0/i586/xmlsec1-1.2.10-7.1mdv2009.0.i586.rpm 
 c2cf86a3ea639e2d1241c8e129141353  2009.0/SRPMS/xmlsec1-1.2.10-7.1mdv2009.0.src.rpm

2008.1 i586

 388b774554e4872b7aa863c8c8d3597c  2008.1/i586/libxmlsec1-1-1.2.10-6.1mdv2008.1.i586.rpm
 fb14b0f6a2f4fd24219e2452557751cc  2008.1/i586/libxmlsec1-devel-1.2.10-6.1mdv2008.1.i586.rpm
 326ce38b3d0600524984eb130244935f  2008.1/i586/libxmlsec1-gnutls1-1.2.10-6.1mdv2008.1.i586.rpm
 3a5069b48d3790f5387bf0b889c0b33e  2008.1/i586/libxmlsec1-gnutls-devel-1.2.10-6.1mdv2008.1.i586.rpm
 eebce4a7e7013ff9e32b5d4f5b1eeb13  2008.1/i586/libxmlsec1-nss1-1.2.10-6.1mdv2008.1.i586.rpm
 2a6ba4dd01ab9ea497bcff0f67538fb3  2008.1/i586/libxmlsec1-nss-devel-1.2.10-6.1mdv2008.1.i586.rpm
 975bd585cabd4af6a33f83894105d546  2008.1/i586/libxmlsec1-openssl1-1.2.10-6.1mdv2008.1.i586.rpm
 486748866cfd54a77dd7193c1125d9e2  2008.1/i586/libxmlsec1-openssl-devel-1.2.10-6.1mdv2008.1.i586.rpm
 47d546bca4d9eabbd6156e32651b1d75  2008.1/i586/xmlsec1-1.2.10-6.1mdv2008.1.i586.rpm 
 8eac3805b6f992c9203a66d5b35c3085  2008.1/SRPMS/xmlsec1-1.2.10-6.1mdv2008.1.src.rpm

2008.1 x86_64

 7484ba0791bd8706b852c2ae187e8786  2008.1/x86_64/lib64xmlsec1-1-1.2.10-6.1mdv2008.1.x86_64.rpm
 771e9bd35a2901a224435f6d99885014  2008.1/x86_64/lib64xmlsec1-devel-1.2.10-6.1mdv2008.1.x86_64.rpm
 4b94e2c01cb70e38d670f6d97ccc3082  2008.1/x86_64/lib64xmlsec1-gnutls1-1.2.10-6.1mdv2008.1.x86_64.rpm
 e94a47d77ebc1b9d25861e83d5b56686  2008.1/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-6.1mdv2008.1.x86_64.rpm
 3cc3249f6da0b6d215a9b8b57f2b9b69  2008.1/x86_64/lib64xmlsec1-nss1-1.2.10-6.1mdv2008.1.x86_64.rpm
 09ce0f59062744d8ee0129255b99e48c  2008.1/x86_64/lib64xmlsec1-nss-devel-1.2.10-6.1mdv2008.1.x86_64.rpm
 7cd72245babca168b5160c201b3650d0  2008.1/x86_64/lib64xmlsec1-openssl1-1.2.10-6.1mdv2008.1.x86_64.rpm
 682073d947d961647cafb6bc80ad3206  2008.1/x86_64/lib64xmlsec1-openssl-devel-1.2.10-6.1mdv2008.1.x86_64.rpm
 90fddbd13802bf1cef89e4948063ada8  2008.1/x86_64/xmlsec1-1.2.10-6.1mdv2008.1.x86_64.rpm 
 8eac3805b6f992c9203a66d5b35c3085  2008.1/SRPMS/xmlsec1-1.2.10-6.1mdv2008.1.src.rpm

2009.1 x86_64

 c54eade2b73fb50287f0bdc9c8f7b746  2009.1/x86_64/lib64xmlsec1-1-1.2.10-8.1mdv2009.1.x86_64.rpm
 4a062d6f23f6136faaa56376be7f8459  2009.1/x86_64/lib64xmlsec1-devel-1.2.10-8.1mdv2009.1.x86_64.rpm
 56c33b45f3e24d4f397565dee1f72026  2009.1/x86_64/lib64xmlsec1-gnutls1-1.2.10-8.1mdv2009.1.x86_64.rpm
 1bd20c0d3045cef364c42c56cc7df6d1  2009.1/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-8.1mdv2009.1.x86_64.rpm
 bf92e675998bc1fefcfe5cc3f5a569a0  2009.1/x86_64/lib64xmlsec1-nss1-1.2.10-8.1mdv2009.1.x86_64.rpm
 168787927b24a7da78717d4c246685bd  2009.1/x86_64/lib64xmlsec1-nss-devel-1.2.10-8.1mdv2009.1.x86_64.rpm
 404498bd0f6e29dda4d556fdcce71e4a  2009.1/x86_64/lib64xmlsec1-openssl1-1.2.10-8.1mdv2009.1.x86_64.rpm
 18058e3ee91a4b39a6ac7cf3c9dbc34f  2009.1/x86_64/lib64xmlsec1-openssl-devel-1.2.10-8.1mdv2009.1.x86_64.rpm
 602e5da1b10bbdd38ed65d1620821c83  2009.1/x86_64/xmlsec1-1.2.10-8.1mdv2009.1.x86_64.rpm 
 b2c8957e3cf68dd729ed999b1a8df4d4  2009.1/SRPMS/xmlsec1-1.2.10-8.1mdv2009.1.src.rpm

MES5 x86_64

 a303d9680fca6ca97704d93e0a75fb03  mes5/x86_64/lib64xmlsec1-1-1.2.10-7.1mdvmes5.x86_64.rpm
 8266c60eb8803dd449b382769aede1a2  mes5/x86_64/lib64xmlsec1-devel-1.2.10-7.1mdvmes5.x86_64.rpm
 1f7f31d8c01ed6b7103e5518c22361e9  mes5/x86_64/lib64xmlsec1-gnutls1-1.2.10-7.1mdvmes5.x86_64.rpm
 914e15b7fc8b0fb27db816b8cdcd6b4b  mes5/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-7.1mdvmes5.x86_64.rpm
 779f85417bcc1dfcfd74816c8d45bf14  mes5/x86_64/lib64xmlsec1-nss1-1.2.10-7.1mdvmes5.x86_64.rpm
 5b3f264fbe31533d326c962c7da38880  mes5/x86_64/lib64xmlsec1-nss-devel-1.2.10-7.1mdvmes5.x86_64.rpm
 80b5562a1902d0ad3ec16cea6c9d2ee6  mes5/x86_64/lib64xmlsec1-openssl1-1.2.10-7.1mdvmes5.x86_64.rpm
 96838c1c267b78f9244787016f4927a3  mes5/x86_64/lib64xmlsec1-openssl-devel-1.2.10-7.1mdvmes5.x86_64.rpm
 cb87ad0ded731d499eab63c4808610c6  mes5/x86_64/xmlsec1-1.2.10-7.1mdvmes5.x86_64.rpm 
 219a23cc35df25ca711a026647e13e3d  mes5/SRPMS/xmlsec1-1.2.10-7.1mdvmes5.src.rpm

Referências