[SECURITY] [DLA 4300-1] shibboleth-sp security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4300-1] shibboleth-sp security update
From: rouca@debian.org
Date: Sun, 14 Sep 2025 22:55:03 +0200
Message-id: <[🔎] 6d3e575aa871c2516e50b0faaf702e50@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4300-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
September 14, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : shibboleth-sp
Version        : 3.2.2+dfsg1-1+deb11u1
CVE ID         : CVE-2025-9943
Debian Bug     : 1114506

Florian Stuhlmann discovered a SQL vulnerability in the ODBC plugin in the
Shibboleth Service Provider which may result in information leak.

For Debian 11 bullseye, this problem has been fixed in version
3.2.2+dfsg1-1+deb11u1.

We recommend that you upgrade your shibboleth-sp packages.

For the detailed security status of shibboleth-sp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/shibboleth-sp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmjHK6YACgkQADoaLapB
CF/NrQ/9EZLrDqNBvFbMppU+7LIyiaGCP4K+9D134myIxm9vkWrmZ+kmoV8vjaOq
AZXBqp8JiBO/hqAlO8z+SSnRsSH5kja+5VdNWvTiBZnOP4Gw6Qv5nUlwiaHnBQ2G
mO0I72rfAl7c2QaL03yTiRc+iPPjxiJgCncTpss6JxWzfPwY7GdEMOd3lCOx6TJy
GghFPUBLUrVpoZoiVFMr4fdmmw1JcwyMjJCBPO08I1pF93QIxJodiw2wVM3VLwnD
YVapWPN1zoc+5MiI24xiDLoBQfUVPvjzhaoSYJ4DsiTVIiScdXg9pOThdyWz7hxk
wYLZFKJcOc/di7iCDtcjCcAJOk+nisUwCOAevX4yVgA5lZCQc3RwjTDbI170kIH0
bc4yArpO2HCx2LENdVm0P3cs9d1y14ZJPkCCT8CGLgGJgbdbevycqCIxGJ4VSsfb
ljdxnXat+Prk2Czy5WRgl8cN2ud3AhUUnkNrmLj1inrPi4Xw1tDSMNLBlp4GWvMY
tGpJ8Wmzna7bI41X3IF9spTeT/oXpRA3Ze3iK+XBehbDkL9WEuRH9/7qSt0Lx5h9
SbNRzqMKwu17KL+w1w+4NtJ8kTUEIyvbb9MrXTpbjHSb+wzNNb4YAUSi2SobnxBb
X1/vA2nYqPdI7rl00YW2b2/bhdP2YVs08uOMlVAxaPqjnqci0XI=
=UNnW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4299-1] jetty9 security update
Next by Date: [SECURITY] [DLA 4302-1] node-sha.js security update
Previous by thread: [SECURITY] [DLA 4299-1] jetty9 security update
Next by thread: [SECURITY] [DLA 4302-1] node-sha.js security update
Index(es):
- Date
- Thread