Fedora Account System
Red Hat Associate
Red Hat Customer
Improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0. Upstream Advisory: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9
Created python-pysaml2 tracking bugs for this issue: Affects: epel-8 [bug 2007593] Affects: fedora-all [bug 2007592] Affects: openstack-rdo [bug 2007594]
Upstream fix: https://github.com/IdentityPython/pysaml2/commit/3b707723dcf1bf60677b424aac398c0c3557641d
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-21238