Security update for xmltooling SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0158-1 Final 1 1 2018-01-20T13:20:36Z current 2018-01-20T13:20:36Z 2018-01-20T13:20:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xmltooling This update for xmltooling fixes the following issues: - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD (bsc#1075975) This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00048.html E-Mail link for openSUSE-SU-2018:0158-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 libxmltooling-devel-1.5.6-6.1 libxmltooling6-1.5.6-6.1 xmltooling-1.5.6-6.1 xmltooling-schemas-1.5.6-6.1 libxmltooling-devel-1.5.6-6.1 as a component of openSUSE Leap 42.2 libxmltooling6-1.5.6-6.1 as a component of openSUSE Leap 42.2 xmltooling-1.5.6-6.1 as a component of openSUSE Leap 42.2 xmltooling-schemas-1.5.6-6.1 as a component of openSUSE Leap 42.2 libxmltooling-devel-1.5.6-6.1 as a component of openSUSE Leap 42.3 libxmltooling6-1.5.6-6.1 as a component of openSUSE Leap 42.3 xmltooling-1.5.6-6.1 as a component of openSUSE Leap 42.3 xmltooling-schemas-1.5.6-6.1 as a component of openSUSE Leap 42.3 Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD. CVE-2018-0486 openSUSE Leap 42.2:libxmltooling-devel-1.5.6-6.1 openSUSE Leap 42.2:libxmltooling6-1.5.6-6.1 openSUSE Leap 42.2:xmltooling-1.5.6-6.1 openSUSE Leap 42.2:xmltooling-schemas-1.5.6-6.1 openSUSE Leap 42.3:libxmltooling-devel-1.5.6-6.1 openSUSE Leap 42.3:libxmltooling6-1.5.6-6.1 openSUSE Leap 42.3:xmltooling-1.5.6-6.1 openSUSE Leap 42.3:xmltooling-schemas-1.5.6-6.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00048.html https://www.suse.com/security/cve/CVE-2018-0486.html CVE-2018-0486 https://bugzilla.suse.com/1075975 SUSE Bug 1075975 https://bugzilla.suse.com/1083247 SUSE Bug 1083247