Описание
Security update for lasso
This update for lasso fixes the following issues:
- CVE-2021-28091: Fixed XML signature wrapping vulnerability when parsing SAML responses. (bsc#1186768)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
liblasso3-2.6.1-8.7.2
python3-lasso-2.6.1-8.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
liblasso3-2.6.1-8.7.2
python3-lasso-2.6.1-8.7.2
SUSE Linux Enterprise Software Development Kit 12 SP5
liblasso-devel-2.6.1-8.7.2
Ссылки
- Link for SUSE-SU-2021:2589-1
- E-Mail link for SUSE-SU-2021:2589-1
- SUSE Security Ratings
- SUSE Bug 1186768
- SUSE CVE CVE-2021-28091 page
Описание
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:liblasso3-2.6.1-8.7.2
SUSE Linux Enterprise Server 12 SP5:python3-lasso-2.6.1-8.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5:liblasso3-2.6.1-8.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-lasso-2.6.1-8.7.2
Ссылки
- CVE-2021-28091
- SUSE Bug 1186768