| Bug ID | 922199 |
|---|---|
| Summary | VUL-0: CVE-2015-1796: OpenSAML Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation |
| Classification | openSUSE |
| Product | openSUSE.org |
| Version | unspecified |
| Hardware | Other |
| URL | http://shibboleth.net/community/advisories/secadv_20150225.txt |
| OS | openSUSE 13.2 |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | 3rd party software |
| Assignee | wschneider@ciscony.com |
| Reporter | astieger@suse.com |
| QA Contact | opensuse-communityscreening@forge.provo.novell.com |
| CC | cantor.2@osu.edu |
| Found By | Security Response Team |
| Blocker | --- |
Got this in our incoming queue: A critical flaw has been discovered in the PKIX trust components that allows an X509 credential to be trusted in the special case where no trusted names are available for the given entityID. See External References for the complete details. Versions of OpenSAML Java < 2.6.5 Versions of the Identity Provider < 2.4.4 References: http://shibboleth.net/community/advisories/secadv_20150225.txt https://bugzilla.redhat.com/show_bug.cgi?id=1196619 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1796