UbuntuUpdates.org

Package "ruby-saml"

Name: ruby-saml

Description:

SAML toolkit for Ruby on Rails
Latest version: 1.15.0-1ubuntu0.24.10.2
Release: oracular (24.10)
Level: updates
Repository: universe
Homepage: https://github.com/onelogin/ruby-saml

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ruby-saml"

All arch deb package
APT INSTALL

Other versions of "ruby-saml" in Oracular

Repository Area Version
base universe 1.15.0-1
security universe 1.15.0-1ubuntu0.24.10.2

Changelog

Version: 1.15.0-1ubuntu0.24.10.2 2025-04-02 22:07:39 UTC

  ruby-saml (1.15.0-1ubuntu0.24.10.2) oracular-security; urgency=medium

  * SECURITY UPDATE: SAML authentication bypass and potential DOS
    - debian/patches/CVE-2025-25291-2.patch: prevent bypass
    - debian/patches/CVE-2025-25293.patch: prevent DOS abusing
      compressed messages
    - CVE-2025-25291, CVE-2025-25292, CVE-2025-25293

 -- Julia Sarris <email address hidden> Mon, 24 Mar 2025 14:39:08 -0400
Source diff to previous version
CVE-2025-25291 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-
CVE-2025-25293 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is suscept
CVE-2025-25292 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-

Version: 1.15.0-1ubuntu0.24.10.1 2025-02-28 06:07:01 UTC

  ruby-saml (1.15.0-1ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: SAML signature wrapping authentication bypass
    - debian/patches/CVE-2024-45409.patch: use correct XPaths, resolve
      to correct elements, and block references that resolve to
      multiple nodes. Changes made to lib/xml_security.rb
    - CVE-2024-45409

 -- Elise Hlady <email address hidden> Thu, 06 Feb 2025 14:42:04 -0800
CVE-2024-45409 The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify


About   -   Send Feedback to @ubuntu_updates