UBUNTU-CVE-2018-0489
- Source
- https://ubuntu.com/security/CVE-2018-0489
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-0489.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-0489
- Related
- Published
- 2018-02-27T15:29:00Z
- Modified
- 2025-01-13T10:21:32Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
- References
Affected packages
Ubuntu:14.04:LTS / xmltooling
Package
- Name
- xmltooling
- Purl
- pkg:deb/ubuntu/xmltooling@1.5.3-2+deb8u3build0.14.04.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.3-2+deb8u3build0.14.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "high",
"binaries": [
{
"binary_version": "1.5.3-2+deb8u3build0.14.04.1",
"binary_name": "libxmltooling-dev"
},
{
"binary_version": "1.5.3-2+deb8u3build0.14.04.1",
"binary_name": "libxmltooling-doc"
},
{
"binary_version": "1.5.3-2+deb8u3build0.14.04.1",
"binary_name": "libxmltooling6"
},
{
"binary_version": "1.5.3-2+deb8u3build0.14.04.1",
"binary_name": "libxmltooling6-dbgsym"
},
{
"binary_version": "1.5.3-2+deb8u3build0.14.04.1",
"binary_name": "xmltooling-schemas"
}
]
}
Ubuntu:16.04:LTS / xmltooling
Package
- Name
- xmltooling
- Purl
- pkg:deb/ubuntu/xmltooling@1.5.6-2ubuntu0.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.6-2ubuntu0.2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "high",
"binaries": [
{
"binary_version": "1.5.6-2ubuntu0.2",
"binary_name": "libxmltooling-dev"
},
{
"binary_version": "1.5.6-2ubuntu0.2",
"binary_name": "libxmltooling-doc"
},
{
"binary_version": "1.5.6-2ubuntu0.2",
"binary_name": "libxmltooling6v5"
},
{
"binary_version": "1.5.6-2ubuntu0.2",
"binary_name": "libxmltooling6v5-dbgsym"
},
{
"binary_version": "1.5.6-2ubuntu0.2",
"binary_name": "xmltooling-schemas"
}
]
}
Ubuntu:18.04:LTS / xmltooling
Package
- Name
- xmltooling
- Purl
- pkg:deb/ubuntu/xmltooling@1.6.4-1ubuntu2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.4-1ubuntu2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "high",
"binaries": [
{
"binary_version": "1.6.4-1ubuntu2",
"binary_name": "libxmltooling-dev"
},
{
"binary_version": "1.6.4-1ubuntu2",
"binary_name": "libxmltooling-doc"
},
{
"binary_version": "1.6.4-1ubuntu2",
"binary_name": "libxmltooling7"
},
{
"binary_version": "1.6.4-1ubuntu2",
"binary_name": "libxmltooling7-dbgsym"
},
{
"binary_version": "1.6.4-1ubuntu2",
"binary_name": "xmltooling-schemas"
}
]
}