[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[upki-fed:01018] Shibboleth SPの脆弱性について(2016.2.26)



$B3XG'>pJs8r49(BML$B!!MxMQpJs3X8&5f=j!!3XG';vL36I$NLnED$G$9!#(B
$BJ?AG$h$j3XG'$N;v6H$K$46(NO$r;r$j!$$"$j$,$H$&$4$6$$$^$9!#(B

Shibboleth Project$B$h$j!$(BShibboleth SP$B$G;HMQ$9$k(BApache Xerces-C XML
Parser$B$K4X$9$k@Hr7o$K3:Ev$9$k>l9g$K$O@H$C$F(BSP$B$r9=C[$7$?>l9g!$(BOS$B$O(BCentOS$B$N(B5$B7O$^$?$O(B6$B7O$H$J$j(B
$B$^$9!#$3$l$i$N(BOS$B$N>l9g$K$O!$(BOS$BA4BN!$$^$?$O(BShibboleth SP$B4XO"%Q%C%1!<%8$r(B
$B:G?7HG$K%"%C%W%G!<%H$7$F$/$@$5$$!#(B[2]


https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=11666753

OS$B$r(BRHEL7$B7OE}(B(CentOS7$BEy(B)$B$G(BSP$B$r9=C[$7$?>l9g!$(BApache Xerces-C XML
Parser$B$O%G%#%9%H%j%S%e!<%7%g%s$,Ds6!$9$k%Q%C%1!<%8(B(xerces-c)$B$r;HMQ$7$^$9!#(B
2016/2/26$B;~E@$G$O%G%#%9%H%j%S%e!<%7%g%s$+$i=$@5%Q%C%1!<%8$,%j%j!<%9$5$l(B
$B$F$$$^$;$s$,!$%j%j!<%9$5$lpJs(B:

[1] CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
    https://shibboleth.net/pipermail/announce/2016-February/000141.html
    http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt

[2] $B3XG'5;=Q%,%$%I(B SP$B%"%C%W%G!<%H$K4X$9$k>pJs(B

https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=11666753



-- 
=========================================================
$B!!9qN)>pJs3X8&5f=j(B $B3X=Q4pHW2](B $B3XG';vL36I!!!JC4Ev!'LnED!K(B
$B!!(BTEL$B!'(B03-4212-2218$B!!(xxxxxxxxxxxxxxx@xxxxxxxxx
$B!!3XG'(BWeb$B%Z!<%8(B  https://www.gakunin.jp/
$B!!?=@A%7%9%F%`(B   https://office.gakunin.nii.ac.jp/
=========================================================