Description of problem: http://shibboleth.internet2.edu/secadv/secadv_20110725.txt Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
It was reported that the Shibboleth Project's OpenSAML software was vulnerable to XML signature wrapping attacks. Version 2.4.3 corrects this flaw.
Created opensaml tracking bugs for this issue Affects: fedora-all [bug 725557]
xmltooling 1.4.2 / opensaml 2.4.3 build in rawhide
The vulnerability has been addressed in: opensaml-2.4.3-1 (rawhide) opensaml-2.3-6 (f16 updates-testing, submitted for stable) opensaml-2.3-4 (f15 updates)