Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4068-1

Опубликовано: 12 нояб. 2025
Источник: suse-cvrf

Описание

Security update for lasso

This update for lasso fixes the following issues:

  • CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso (bsc#1253092)
  • CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso (bsc#1253093)
  • CVE-2025-47151: Fixed type confusion vulnerability in the lasso_node_impl_init_from_xml functionality (bsc#1253095)

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP6
liblasso-devel-2.8.2-150600.3.5.1
python3-lasso-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
liblasso-devel-2.8.2-150600.3.5.1
python3-lasso-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
liblasso3-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
liblasso3-2.8.2-150600.3.5.1
openSUSE Leap 15.6
liblasso-devel-2.8.2-150600.3.5.1
liblasso3-2.8.2-150600.3.5.1
python3-lasso-2.8.2-150600.3.5.1

Ссылки

Описание

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:liblasso-devel-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-lasso-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:liblasso-devel-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-lasso-2.8.2-150600.3.5.1
Ссылки

Описание

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:liblasso-devel-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-lasso-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:liblasso-devel-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-lasso-2.8.2-150600.3.5.1
Ссылки

Описание

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:liblasso-devel-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-lasso-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:liblasso-devel-2.8.2-150600.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-lasso-2.8.2-150600.3.5.1
Ссылки
Уязвимость SUSE-SU-2025:4068-1