To remediate an Shibboleth SSO vulnerability (https://shibboleth.net/community/advisories/secadv_20180227.txt) I’m attempting to replace the existing libxmltooling7 library with a newer version (from 1.6.0-4 to 1.6.3).
I’ve successfully downloaded source, built dependencies, complied and verified the new library is installed in /usr/local…though dkpg -l is still showing the old version:
#
Output of dkpg -l | grep xmlt…pi libxmltooling7:amd64 1.6.0-4switchaai1~trusty1 amd64 C++ XML parsing library with encryption support (runtime)
#Am I missing a symbolic link somewhere?
Answer
Try this before installing new one :
dpkg -r --force-depends libxmltooling7
Attribution
Source : Link , Question Author : DMahn , Answer Author : Gilles Quenot