Date: Fri, 24 Jun 2016 10:14:46 -0700
From: Alvaro Hoyos <>
Subject: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml
 prior to version 1.3.0

Ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping
attack. Ruby-saml users must update to version 1.3.0, which implements 3
extra validations to mitigate this kind of attack.

Overall CVSS Score 6.1

Fix: Add extra validations to prevent Signature wrapping attacks [1]


alvaro j hoyos | chief information security officer | | +1 415.653.1893 | skype: alvaroonelogin
