| Package | python-pysaml2 |
|---|---|
| Version | 2.0.0-1+deb8u4 (jessie) |
| Related CVEs | CVE-2021-21239 |
A certificate verification bypass vulnerability was discovered in
python-pysaml2, a library for exchanging SAML authentication tokens.
The default CryptoBackendXmlSec1 backend used the xmlsec1 binary to verify the
signature of signed SAML documents, but by default xmlsec1 accepts any type
of key found within the given document; xmlsec1 must be configured
explicitly to use only X.509 certificates when verifying the signature of
a SAML document.
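As an added illustration of the mechanism described above (this is not the advisory's or pysaml2's own code), the snippet below builds the xmlsec1 `--verify` command line with and without the key-data restriction, and inspects which `<ds:KeyInfo>` children a signed document carries so an operator can spot documents that bring their own `<ds:KeyValue>` instead of an X.509 certificate. The xmlsec1 options used (`--verify`, `--pubkey-cert-pem`, `--enabled-key-data` with the `raw-x509-cert` key-data class) come from the xmlsec1 command-line tool itself; the binary and file paths are placeholders and the two XML documents are constructed samples.

```python
"""Added illustration for CVE-2021-21239; not pysaml2's own code."""
import subprocess
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml

DS_NS = "http://www.w3.org/2000/09/xmldsig#"


def build_verify_command(xmlsec_binary, signed_xml_path, trusted_cert_path,
                         restrict_key_data=True):
    """Return the argv for verifying a signed SAML document with xmlsec1.

    With restrict_key_data=False the command mirrors the weak behaviour in
    the advisory: xmlsec1 will accept any key data it finds in the document
    (for example a <ds:KeyValue> supplied by the sender). With the default
    restrict_key_data=True only X.509 certificate key data is enabled, so
    the signature has to verify against the trusted certificate.
    """
    cmd = [xmlsec_binary, "--verify", "--pubkey-cert-pem", trusted_cert_path]
    if restrict_key_data:
        cmd += ["--enabled-key-data", "raw-x509-cert"]
    cmd.append(signed_xml_path)
    return cmd


def verify_with_xmlsec1(xmlsec_binary, signed_xml_path, trusted_cert_path):
    """Run the hardened command; True only if xmlsec1 reports success."""
    cmd = build_verify_command(xmlsec_binary, signed_xml_path, trusted_cert_path)
    result = subprocess.run(cmd, capture_output=True, text=True)
    return result.returncode == 0


def key_info_kinds(xml_bytes):
    """Return the local names of every <ds:KeyInfo> child in the document."""
    root = ET.fromstring(xml_bytes)
    kinds = set()
    for key_info in root.iter(f"{{{DS_NS}}}KeyInfo"):
        for child in key_info:
            kinds.add(child.tag.rsplit("}", 1)[-1])
    return kinds


def carries_embedded_key(xml_bytes):
    """True when the document supplies a raw key value (KeyValue) and no
    X.509 certificate; such documents are the ones an unrestricted xmlsec1
    would verify against the sender's own key."""
    kinds = key_info_kinds(xml_bytes)
    return "KeyValue" in kinds and "X509Data" not in kinds


# Constructed sample documents (signature values are not real).
SAMPLE_WITH_CERT = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo/>
    <ds:SignatureValue>constructed</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>constructed</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
</saml:Assertion>"""

SAMPLE_WITH_KEYVALUE = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a2">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo/>
    <ds:SignatureValue>constructed</ds:SignatureValue>
    <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue/></ds:KeyValue></ds:KeyInfo>
  </ds:Signature>
</saml:Assertion>"""


if __name__ == "__main__":
    print(" ".join(build_verify_command("/usr/bin/xmlsec1", "assertion.xml",
                                        "idp-cert.pem")))
    for label, doc in (("cert", SAMPLE_WITH_CERT), ("keyvalue", SAMPLE_WITH_KEYVALUE)):
        print(label, sorted(key_info_kinds(doc)), carries_embedded_key(doc))
```

The restriction is what makes the trusted certificate authoritative: without it, the key material that verifies the signature can come from the document being verified. The KeyInfo inspection is a detection aid only and does not replace signature verification.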
For Debian 8 jessie, these problems have been fixed in version 2.0.0-1+deb8u4.
We recommend that you upgrade your python-pysaml2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.