http://bugzilla.opensuse.org/show_bug.cgi?id=922199

Bug ID: 922199
Summary: VUL-0: CVE-2015-1796: OpenSAML Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: Other
URL: http://shibboleth.net/community/advisories/secadv_20150225.txt
OS: openSUSE 13.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: 3rd party software
Assignee: wschneider@ciscony.com
Reporter: astieger@suse.com
QA Contact: opensuse-communityscreening@forge.provo.novell.com
CC: cantor.2@osu.edu
Found By: Security Response Team
Blocker: ---

Got this in our incoming queue:

A critical flaw has been discovered in the PKIX trust components that allows an X509 credential to be trusted in the special case where no trusted names are available for the given entityID. See External References for the complete details.

Versions of OpenSAML Java < 2.6.5
Versions of the Identity Provider < 2.4.4

References:
http://shibboleth.net/community/advisories/secadv_20150225.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1196619
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1796

--
You are receiving this mail because:
You are on the CC list for the bug.