Launchpad.net

CVE 2011-1411

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Related bugs and status

CVE-2011-1411 (Candidate) is related to these bugs:

Bug #816315: Shibboleth Security Advisory [25 July 2011]

		In	Importance	Status
816315	Shibboleth Security Advisory [25 July 2011]	opensaml2 (Ubuntu)	Undecided	Fix Released
816315	Shibboleth Security Advisory [25 July 2011]	opensaml2 (Ubuntu Lucid)	Medium	Fix Released
816315	Shibboleth Security Advisory [25 July 2011]	opensaml2 (Ubuntu Maverick)	Medium	Fix Released
816315	Shibboleth Security Advisory [25 July 2011]	opensaml2 (Ubuntu Natty)	Medium	Won't Fix
816315	Shibboleth Security Advisory [25 July 2011]	opensaml2 (Ubuntu Oneiric)	Undecided	Fix Released

Bug #817199: opensaml2 security advisory (CVE-2011-1411)

Summary				In	Importance	Status
	817199	opensaml2 security advisory (CVE-2011-1411)		opensaml2 (Ubuntu)	Undecided	Fix Released

Bug #832695: Shibboleth Security Advisory [25 July 2011]

Summary				In	Importance	Status
	832695	Shibboleth Security Advisory [25 July 2011]		opensaml (Ubuntu)	Medium	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://shibboleth.inte...
DEBIAN: DSA-2284
CONFIRM: http://www.oracle.com/...
SECUNIA: 50994
MANDRIVA: MDVSA-2013:150