Launchpad.net

CVE 2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.

Related bugs and status

CVE-2018-0486 (Candidate) is related to these bugs:

Bug #1743762: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

		In	Importance	Status
1743762	Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]	xmltooling (Ubuntu)	Undecided	Fix Released
1743762	Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]	xmltooling (Ubuntu Bionic)	Undecided	Fix Released
1743762	Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]	xmltooling (Ubuntu Trusty)	Undecided	Fix Released
1743762	Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]	xmltooling (Ubuntu Xenial)	Undecided	Fix Released
1743762	Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]	xmltooling (Ubuntu Artful)	Undecided	Triaged

Bug #1752306: Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]

		In	Importance	Status
1752306	Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]	xmltooling (Ubuntu)	Undecided	Fix Released
1752306	Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]	xmltooling (Ubuntu Bionic)	Undecided	Fix Released
1752306	Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]	xmltooling (Ubuntu Xenial)	Undecided	Fix Released
1752306	Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]	xmltooling (Ubuntu Trusty)	Undecided	Fix Released
1752306	Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]	xmltooling (Ubuntu Artful)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-0486

Related bugs and status

Related bugs

References