CVE-2009-3476

Published: 29 September 2009

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Priority

Status

Package	Release	Status
opensaml Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Ignored (end of life)
	intrepid	Released (1.1.1-2+lenny1build0.8.10.2)
	jaunty	Released (1.1.1-2+lenny1build0.9.04.2)
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (1.1.3)
shibboleth-sp Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Ignored (end of life)
	intrepid	Ignored (end of life, was needed)
	jaunty	Released (1.3.1.dfsg1-3+lenny1build0.9.04.2)
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (1.3.4)
xmltooling Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	intrepid	Released (1.0-2+lenny1build0.8.10.1)
	jaunty	Released (1.0-2+lenny1build0.9.04.1)
	karmic	Ignored (end of life)
	lucid	Not vulnerable (1.2.2-1)
	maverick	Not vulnerable (1.2.2-1)
	natty	Not vulnerable (1.2.2-1)
	oneiric	Not vulnerable (1.2.2-1)
	upstream	Released (1.2.2-1)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2009-3476

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading