Package "liblasso3t64"
| Name: |
liblasso3t64
|
Description: |
Library for Liberty Alliance and SAML protocols - runtime library
|
| Latest version: |
2.8.2-8ubuntu0.1 |
| Release: |
plucky (25.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
lasso |
| Homepage: |
https://lasso.entrouvert.org |
Links
Download "liblasso3t64"
Other versions of "liblasso3t64" in Plucky
Changelog
|
lasso (2.8.2-8ubuntu0.1) plucky-security; urgency=medium
* SECURITY UPDATE: DoS in lasso_provider_verify_saml_signature
- debian/patches/CVE-2025-46404.patch: check xmlSecGetNodeNsHref for
possible NULL result in lasso/id-ff/provider.c.
- CVE-2025-46404
* SECURITY UPDATE: DoS in g_assert_not_reached
- debian/patches/CVE-2025-46705-pre1.patch: test that inserted comment
do not change node value in bindings/python/tests/profiles_tests.py,
lasso/xml/xml.c.
- debian/patches/CVE-2025-46705.patch: do not terminate on an unknown
XML node type in lasso/xml/xml.c.
- CVE-2025-46705
* SECURITY UPDATE: type confusion issue in lasso_node_impl_init_from_xml
- debian/patches/CVE-2025-47151.patch: prevent assignment of attribute
value inside any attribute in lasso/xml/misc_text_node.c,
lasso/xml/saml-2.0/saml2_attribute_value.c, lasso/xml/xml.c.
- CVE-2025-47151
-- Marc Deslauriers <email address hidden> Mon, 17 Nov 2025 08:39:44 -0500
|
| CVE-2025-46404 |
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafte |
| CVE-2025-46705 |
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML |
| CVE-2025-47151 |
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafte |
|
About
-
Send Feedback to @ubuntu_updates
