Synopsis
The remote Debian host is missing a security-related update.

Description
It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.

Solution
Upgrade the xml-security-c packages.
For the old stable distribution (etch), this problem has been fixed in version 1.2.1-3+etch1.
For the stable distribution (lenny), this problem has been fixed in version 1.4.0-3+lenny2.
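
The length rule from the description, written out as an added example for a verifier that reads `HMACOutputLength` itself; this is not code from xml-security-c or from the advisory. The function names, the fail-closed handling of unknown algorithm URIs, the strict digit parse and the upper bound are assumptions of this sketch.

```cpp
#include <algorithm>
#include <cstdlib>
#include <iostream>
#include <map>
#include <string>

// Full HMAC output size in bits for each XML Signature algorithm URI.
static const std::map<std::string, long> kHmacBits = {
    {"http://www.w3.org/2000/09/xmldsig#hmac-sha1", 160},
    {"http://www.w3.org/2001/04/xmldsig-more#hmac-md5", 128},
    {"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", 256},
    {"http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", 384},
    {"http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", 512},
};

// Shortest truncated length the workaround allows: 80 bits or half of the
// full output, whichever is greater.
long minAllowedBits(long fullBits) { return std::max(80L, fullBits / 2); }

// lengthText is the text of <HMACOutputLength>, or nullptr when the element
// is absent (no truncation requested).
bool hmacLengthAcceptable(const std::string& algorithmUri, const char* lengthText) {
    auto it = kHmacBits.find(algorithmUri);
    if (it == kHmacBits.end()) return false;  // assumption: unknown URI fails closed
    if (lengthText == nullptr) return true;
    const std::string s(lengthText);
    // Strict parse: 1-4 decimal digits only, so signs, whitespace and
    // oversized values are rejected before conversion.
    if (s.empty() || s.size() > 4 ||
        s.find_first_not_of("0123456789") != std::string::npos) return false;
    const long bits = std::strtol(s.c_str(), nullptr, 10);
    // Upper bound is an assumption: an HMAC cannot emit more than its full size.
    return bits >= minAllowedBits(it->second) && bits <= it->second;
}

int main() {
    const std::string sha1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    const std::string sha256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
    // Constructed sample values, not taken from any real document.
    for (const char* len : {"40", "80", "128", "160"}) {
        std::cout << "hmac-sha1   " << len << " -> " << hmacLengthAcceptable(sha1, len) << "\n";
        std::cout << "hmac-sha256 " << len << " -> " << hmacLengthAcceptable(sha256, len) << "\n";
    }
    return 0;
}
```

Because the floor scales with the digest, a length of 80 passes for HMAC-SHA1 and HMAC-MD5 but is rejected for HMAC-SHA256, where the minimum is 128 bits.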