(Jan 12) Philip Huppert discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details, please refer to the upstream advisory at
Daily Archives: January 13, 2018
Debian: DSA-4086-1: libxml2 security update
(Jan 13) Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2’s XPath engine via an XSLT transformation.