[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[upki-fed:01018] Shibboleth SPの脆弱性について(2016.2.26)
- Subject: [upki-fed:01018] Shibboleth SPの脆弱性について(2016.2.26)
- Date: Fri, 26 Feb 2016 16:54:00 +0900
- From: 国立情報学研究所 学認事務局 野田 <xxxxxxxxxxxxxx@xxxxxxxxx>
$B3XG'>pJs8r49(BML$B!!MxMQpJs3X8&5f=j!!3XG';vL36I$NLnED$G$9!#(B
$BJ?AG$h$j3XG'$N;v6H$K$46(NO$r;r$j!$$"$j$,$H$&$4$6$$$^$9!#(B
Shibboleth Project$B$h$j!$(BShibboleth SP$B$G;HMQ$9$k(BApache Xerces-C XML
Parser$B$K4X$9$k@Hr7o$K3:Ev$9$k>l9g$K$O@H$C$F(BSP$B$r9=C[$7$?>l9g!$(BOS$B$O(BCentOS$B$N(B5$B7O$^$?$O(B6$B7O$H$J$j(B
$B$^$9!#$3$l$i$N(BOS$B$N>l9g$K$O!$(BOS$BA4BN!$$^$?$O(BShibboleth SP$B4XO"%Q%C%1!<%8$r(B
$B:G?7HG$K%"%C%W%G!<%H$7$F$/$@$5$$!#(B[2]
https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=11666753
OS$B$r(BRHEL7$B7OE}(B(CentOS7$BEy(B)$B$G(BSP$B$r9=C[$7$?>l9g!$(BApache Xerces-C XML
Parser$B$O%G%#%9%H%j%S%e!<%7%g%s$,Ds6!$9$k%Q%C%1!<%8(B(xerces-c)$B$r;HMQ$7$^$9!#(B
2016/2/26$B;~E@$G$O%G%#%9%H%j%S%e!<%7%g%s$+$i=$@5%Q%C%1!<%8$,%j%j!<%9$5$l(B
$B$F$$$^$;$s$,!$%j%j!<%9$5$lpJs(B:
[1] CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
https://shibboleth.net/pipermail/announce/2016-February/000141.html
http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
[2] $B3XG'5;=Q%,%$%I(B SP$B%"%C%W%G!<%H$K4X$9$k>pJs(B
https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=11666753
--
=========================================================
$B!!9qN)>pJs3X8&5f=j(B $B3X=Q4pHW2](B $B3XG';vL36I!!!JC4Ev!'LnED!K(B
$B!!(BTEL$B!'(B03-4212-2218$B!!(xxxxxxxxxxxxxxx@xxxxxxxxx
$B!!3XG'(BWeb$B%Z!<%8(B https://www.gakunin.jp/
$B!!?=@A%7%9%F%`(B https://office.gakunin.nii.ac.jp/
=========================================================