Описание
Security update for lasso
This update for lasso fixes the following issues:
- CVE-2025-46784: Fixed memory exhaustion in Entr'ouvert Lasso (bsc#1253094)
- CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso (bsc#1253092)
- CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso (bsc#1253093)
- CVE-2025-47151: Fixed type confusion vulnerability in the lasso_node_impl_init_from_xml functionality (bsc#1253095)
Список пакетов
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Manager Proxy LTS 4.3
SUSE Manager Server LTS 4.3
Ссылки
- Link for SUSE-SU-2025:4090-1
- E-Mail link for SUSE-SU-2025:4090-1
- SUSE Security Ratings
- SUSE Bug 1253092
- SUSE Bug 1253093
- SUSE Bug 1253094
- SUSE Bug 1253095
- SUSE CVE CVE-2025-46404 page
- SUSE CVE CVE-2025-46705 page
- SUSE CVE CVE-2025-46784 page
- SUSE CVE CVE-2025-47151 page
Описание
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-46404
- SUSE Bug 1253092
Описание
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-46705
- SUSE Bug 1253093
Описание
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-46784
- SUSE Bug 1253094
Описание
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-47151
- SUSE Bug 1253095