libxmltooling-devel-3.2.0-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11523 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libxmltooling-devel-3.2.0-1.2 on GA media These are all security issues fixed in the libxmltooling-devel-3.2.0-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11523 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11523 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-0486/ SUSE CVE CVE-2018-0486 page https://www.suse.com/security/cve/CVE-2018-0489/ SUSE CVE CVE-2018-0489 page https://www.suse.com/security/cve/CVE-2019-9628/ SUSE CVE CVE-2019-9628 page openSUSE Tumbleweed libxmltooling-devel-3.2.0-1.2 libxmltooling-lite10-3.2.0-1.2 libxmltooling10-3.2.0-1.2 xmltooling-schemas-3.2.0-1.2 libxmltooling-devel-3.2.0-1.2 as a component of openSUSE Tumbleweed libxmltooling-lite10-3.2.0-1.2 as a component of openSUSE Tumbleweed libxmltooling10-3.2.0-1.2 as a component of openSUSE Tumbleweed xmltooling-schemas-3.2.0-1.2 as a component of openSUSE Tumbleweed Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD. CVE-2018-0486 openSUSE Tumbleweed:libxmltooling-devel-3.2.0-1.2 openSUSE Tumbleweed:libxmltooling-lite10-3.2.0-1.2 openSUSE Tumbleweed:libxmltooling10-3.2.0-1.2 openSUSE Tumbleweed:xmltooling-schemas-3.2.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-0486.html CVE-2018-0486 https://bugzilla.suse.com/1075975 SUSE Bug 1075975 https://bugzilla.suse.com/1083247 SUSE Bug 1083247 Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. CVE-2018-0489 openSUSE Tumbleweed:libxmltooling-devel-3.2.0-1.2 openSUSE Tumbleweed:libxmltooling-lite10-3.2.0-1.2 openSUSE Tumbleweed:libxmltooling10-3.2.0-1.2 openSUSE Tumbleweed:xmltooling-schemas-3.2.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-0489.html CVE-2018-0489 https://bugzilla.suse.com/1083247 SUSE Bug 1083247 The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. CVE-2019-9628 openSUSE Tumbleweed:libxmltooling-devel-3.2.0-1.2 openSUSE Tumbleweed:libxmltooling-lite10-3.2.0-1.2 openSUSE Tumbleweed:libxmltooling10-3.2.0-1.2 openSUSE Tumbleweed:xmltooling-schemas-3.2.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9628.html CVE-2019-9628 https://bugzilla.suse.com/1129537 SUSE Bug 1129537