Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
open-vm-tools.30359
CVE-20230-20900.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-20230-20900.patch of Package open-vm-tools.30359
From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001 From: John Wolfe <jwolfe@vmware.com> Date: Fri, 18 Aug 2023 11:23:53 -0700 Subject: [PATCH] Address CVE-2023-20900 VGAuth: Allow only X509 certs to verify the SAML token signature. --- open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c index f5541a9..0b2a945 100644 --- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c +++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c @@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc, */ bRet = RegisterID(xmlDocGetRootElement(doc), "ID"); if (bRet == FALSE) { - g_warning("failed to register ID\n"); + g_warning("Failed to register ID\n"); + goto done; + } + + /* Use only X509 certs to validate the signature */ + if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), + BAD_CAST xmlSecKeyDataX509Id) < 0) { + g_warning("Failed to limit allowed key data\n"); goto done; } -- 2.6.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor