Описание
ELSA-2025-21404: lasso security update (CRITICAL)
[2.5.1-8.0.1]
- Fixes CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso [Orabug: 38658691]
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
lasso
2.5.1-8.0.1.el7_9
lasso-devel
2.5.1-8.0.1.el7_9
lasso-python
2.5.1-8.0.1.el7_9
Связанные CVE
Связанные уязвимости
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.
A type confusion vulnerability exists in the lasso_node_impl_init_from ...
