SB2019110673 - Input validation error in Debian Linux

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2011-4625)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

Remediation

Install update from vendor's website.

References

• https://security-tracker.debian.org/tracker/CVE-2011-4625
• https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545