Package name
xmlsec1
Date
2009-12-05
Advisory ID
MDVSA-2009:318
Affected versions
2008.0 i586, 2008.0 x86_64

Problem description

Multiple security vulnerabilities have been identified and fixed
in xmlsec1:

A missing check for the recommended minimum length of the truncated
form of HMAC-based XML signatures was found in xmlsec1 prior to
1.2.12. An attacker could use this flaw to create a specially-crafted
XML file that forges an XML signature, allowing the attacker to
bypass authentication that is based on the XML Signature specification
(CVE-2009-0217).
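
The missing check described above, sketched as an added example (not code from xmlsec1 or from this advisory): it audits the HMACOutputLength declared in each HMAC SignatureMethod of a document. The floor it enforces (at least 80 bits and at least half the hash output) is taken from the W3C XML Signature erratum for this issue, not from the advisory text; the function names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Full HMAC output size in bits per SignatureMethod algorithm URI.
HMAC_BITS = {DSIG + "hmac-sha1": 160, MORE + "hmac-sha256": 256,
             MORE + "hmac-sha384": 384, MORE + "hmac-sha512": 512}

# Constructed sample: three SignatureMethod elements, not a real signed document.
SAMPLE = """<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
    <ds:HMACOutputLength>8</ds:HMACOutputLength></ds:SignatureMethod>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256">
    <ds:HMACOutputLength>128</ds:HMACOutputLength></ds:SignatureMethod>
</doc>"""

def min_truncation_bits(full_bits):
    # Assumed floor (W3C erratum): >= 80 bits and >= half the hash output.
    return max(80, full_bits // 2)

def audit_signature_methods(xml_text):
    """Return (algorithm URI, declared bits or None, accepted) per HMAC method."""
    findings = []
    # ElementTree is fine for this constructed sample; use a hardened
    # parser when the XML comes from an untrusted source.
    for method in ET.fromstring(xml_text).iter("{%s}SignatureMethod" % DSIG):
        alg = method.get("Algorithm", "")
        if alg not in HMAC_BITS:
            continue  # not an HMAC method covered by this example
        full = HMAC_BITS[alg]
        node = method.find("{%s}HMACOutputLength" % DSIG)
        if node is None:
            findings.append((alg, full, True))   # untruncated HMAC
            continue
        try:
            declared = int((node.text or "").strip())
        except ValueError:
            findings.append((alg, None, False))  # malformed length: reject
            continue
        ok = min_truncation_bits(full) <= declared <= full
        findings.append((alg, declared, ok))
    return findings

if __name__ == "__main__":
    for alg, bits, ok in audit_signature_methods(SAMPLE):
        print("ACCEPT" if ok else "REJECT", bits, alg)
```

A verifier that applies this check before comparing MAC values rejects the second sample element, which declares an 8-bit truncation of HMAC-SHA1.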

All versions of libtool prior to 2.2.6b suffer from a local
privilege escalation vulnerability that could be exploited under
certain conditions to load arbitrary code (CVE-2009-3736).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

This update fixes this vulnerability.

Updated packages

2008.0 i586

 b74d614ed793451440ea18c7aab434ee  2008.0/i586/libxmlsec1-1-1.2.10-5.1mdv2008.0.i586.rpm
 34cc1274710d3c2013ff4c1222d0349d  2008.0/i586/libxmlsec1-devel-1.2.10-5.1mdv2008.0.i586.rpm
 88b378d43d3ba44bad7d47c1eb5d6c5c  2008.0/i586/libxmlsec1-gnutls1-1.2.10-5.1mdv2008.0.i586.rpm
 7c7e766ab3886c57d1519b83b4b06af8  2008.0/i586/libxmlsec1-gnutls-devel-1.2.10-5.1mdv2008.0.i586.rpm
 712c732bc8ff6050fdc6dd108623e63a  2008.0/i586/libxmlsec1-nss1-1.2.10-5.1mdv2008.0.i586.rpm
 bed9636e852f4c90cd9a5891fb9395ea  2008.0/i586/libxmlsec1-nss-devel-1.2.10-5.1mdv2008.0.i586.rpm
 3e6940d49ffc024240b7116250d1f770  2008.0/i586/libxmlsec1-openssl1-1.2.10-5.1mdv2008.0.i586.rpm
 cb8d177f72966ff06a9a1e08f8c48dbe  2008.0/i586/libxmlsec1-openssl-devel-1.2.10-5.1mdv2008.0.i586.rpm
 38ae0ed435d6e5133530d5af4a33883a  2008.0/i586/xmlsec1-1.2.10-5.1mdv2008.0.i586.rpm 
 bf47e5312113b150bdcce2634254b555  2008.0/SRPMS/xmlsec1-1.2.10-5.1mdv2008.0.src.rpm

2008.0 x86_64

 2f16be60c636cc6d286258b7d331f52b  2008.0/x86_64/lib64xmlsec1-1-1.2.10-5.1mdv2008.0.x86_64.rpm
 dcbfa0192a2a1ed72d9b4f7fc4c31c7f  2008.0/x86_64/lib64xmlsec1-devel-1.2.10-5.1mdv2008.0.x86_64.rpm
 b7d5a923126d4ab43b9c9868aed26803  2008.0/x86_64/lib64xmlsec1-gnutls1-1.2.10-5.1mdv2008.0.x86_64.rpm
 041a56825a59f497dce1085bc0fcf717  2008.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-5.1mdv2008.0.x86_64.rpm
 5f70fda9524faee1b86e14e7b092e426  2008.0/x86_64/lib64xmlsec1-nss1-1.2.10-5.1mdv2008.0.x86_64.rpm
 63c4b923f7cf4bb46e06d966a880ef6c  2008.0/x86_64/lib64xmlsec1-nss-devel-1.2.10-5.1mdv2008.0.x86_64.rpm
 62174f73e2d333da65befa79cd85c1ad  2008.0/x86_64/lib64xmlsec1-openssl1-1.2.10-5.1mdv2008.0.x86_64.rpm
 6439cacc0520e43b8280758a4a91b042  2008.0/x86_64/lib64xmlsec1-openssl-devel-1.2.10-5.1mdv2008.0.x86_64.rpm
 e4db63bda5a32757a17be8d4dcd31639  2008.0/x86_64/xmlsec1-1.2.10-5.1mdv2008.0.x86_64.rpm 
 bf47e5312113b150bdcce2634254b555  2008.0/SRPMS/xmlsec1-1.2.10-5.1mdv2008.0.src.rpm

References