Public bug reported: Binary package hint: libxml-security-java
Apache XML Security (Java) is affected by the vulnerability published in US-Cert VU #466161. See: http://www.kb.cert.org/vuls/id/466161 for more information. This bug can allow an attacker to bypass authentication by inserting/modifying a small HMAC truncation length parameter in the XML Signature HMAC based SignatureMethod algorithms. Upgrading to 1.4.3 will fix this. ** Affects: libxml-security-java (Ubuntu) Importance: High Assignee: Thierry Carrez (ttx) Status: Triaged ** Changed in: libxml-security-java (Ubuntu) Importance: Undecided => High ** Changed in: libxml-security-java (Ubuntu) Status: New => Triaged ** Changed in: libxml-security-java (Ubuntu) Assignee: (unassigned) => Thierry Carrez (ttx) -- Update to xml-security 1.4.3 to fix CVE-2009-0217 https://bugs.launchpad.net/bugs/416802 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs