Описание
ELSA-2021-4325: lasso security and enhancement update (MODERATE)
[2.6.0-12]
- Fix a dead code issue in the signature wrapping patch
- Resolves: rhbz#1951653 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses [rhel-8]
[2.6.0-11]
- Bump release to force the package through OSCI as the previous build reached CI just in time for an outage
- Related: rhbz#1888195 - [RFE] release (built) python3-lasso pkg (comingfrom lasso)
[2.6.0-10]
- Resolves: rhbz#1951653 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses [rhel-8]
[2.6.0-9]
- Resolves: rhbz#1888195 - [RFE] release (built) python3-lasso pkg (coming from lasso)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
lasso
2.6.0-12.el8
lasso-devel
2.6.0-12.el8
Oracle Linux x86_64
lasso
2.6.0-12.el8
lasso-devel
2.6.0-12.el8
Связанные CVE
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 4 лет назад
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
CVSS3: 8.8
redhat
около 4 лет назад
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
CVSS3: 7.5
nvd
около 4 лет назад
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
CVSS3: 7.5
debian
около 4 лет назад
Lasso all versions prior to 2.7.0 has improper verification of a crypt ...