UbuntuUpdates.org

Package "ruby-saml"

Name: ruby-saml

Description:

SAML toolkit for Ruby on Rails

Latest version: 1.15.0-1ubuntu0.24.10.2
Release: oracular (24.10)
Level: security
Repository: universe
Homepage: https://github.com/onelogin/ruby-saml

Other versions of "ruby-saml" in Oracular

Repository  Area      Version
base        universe  1.15.0-1
updates     universe  1.15.0-1ubuntu0.24.10.2

Changelog

Version: 1.15.0-1ubuntu0.24.10.2 2025-04-02 20:06:57 UTC

  ruby-saml (1.15.0-1ubuntu0.24.10.2) oracular-security; urgency=medium

  * SECURITY UPDATE: SAML authentication bypass and potential DOS
    - debian/patches/CVE-2025-25291-2.patch: prevent bypass
    - debian/patches/CVE-2025-25293.patch: prevent DOS abusing
      compressed messages
    - CVE-2025-25291, CVE-2025-25292, CVE-2025-25293

 -- Julia Sarris <email address hidden> Mon, 24 Mar 2025 14:39:08 -0400

CVE-2025-25291 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-
CVE-2025-25293 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is suscept
CVE-2025-25292 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-

Version: 1.15.0-1ubuntu0.24.10.1 2025-02-28 03:07:29 UTC

  ruby-saml (1.15.0-1ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: SAML signature wrapping authentication bypass
    - debian/patches/CVE-2024-45409.patch: use correct XPaths, resolve
      to correct elements, and block references that resolve to
      multiple nodes. Changes made to lib/xml_security.rb
    - CVE-2024-45409

 -- Elise Hlady <email address hidden> Thu, 06 Feb 2025 14:42:04 -0800



