A security flaw was found in the way Apache Santuario-C++ (AKA xml-security-c), a C++ language implementation of W3C security standards for XML, processed certain DSIG <Reference> elements. When loading the XML file and reviewing the content of a <Reference> elements used by the signer in the Signature, the xml-security-c library was (previously) not checking if that element did not contain EntityReference nodes, which allowed an attacker to bypass the signature verification process (make the signature verification process to succeed also for arbitrary forged content).
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting of this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
This issue affects the versions of the xml-security-c package, as shipped with Fedora release of 17 and 18.
This issue affects the versions of the xml-security-c package, as shipped with Fedora EPEL-5 and Fedora EPEL-6.
Created xml-security-c tracking bugs for this issue
Affects: fedora-all [bug 975304]
Affects: epel-all [bug 975305]