OCLC Support

OpenSAML-C PlusPlus library and service provider advisory

Applies to

  • EZproxy

Answer

A parameter manipulation vulnerability has been reported when using C++ and a version of the OpenSAML library below V3.3.1.

Is EZproxy affected? No, EZproxy is not impacted. It is not coded in C++ and does not utilize any OpenSAML library.

Key points regarding EZproxy's implementation include:

  • No usage of OpenSAML headers, dependencies, or function calls.
  • SAML functionality is implemented using XMLSec, OpenSSL, and custom code.
  • Dependencies include libxmlsec1.a, libxmlsec1-openssl.a, libxml2.a, libssl.a, and libcrypto.a.
  • There are no references to OpenSAML in the build configuration.

 

Additional information

For more details on this advisory, please refer to: https://shibboleth.net/pipermail/ann...ch/000337.html
 
