USN-4925-1: Shibboleth vulnerability

22 April 2021

Shibboleth could be made to display malicious content.

Releases

Packages

Details

Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service
provider allowed content injection due to allowing attacker-controlled
parameters in error or other status pages. An attacker could use this to
inject malicious content.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

In general, a standard system update will make all the necessary changes.

References