Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4094-1

Опубликовано: 13 нояб. 2025
Источник: suse-cvrf

Описание

Security update for lasso

This update for lasso fixes the following issues:

  • CVE-2025-46784: Fixed memory exhaustion in Entr'ouvert Lasso (bsc#1253094)
  • CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso (bsc#1253092)
  • CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso (bsc#1253093)
  • CVE-2025-47151: Fixed type confusion vulnerability in the lasso_node_impl_init_from_xml functionality (bsc#1253095)

Список пакетов

SUSE Linux Enterprise Server 12 SP5-LTSS
liblasso-devel-2.6.1-8.12.1
liblasso3-2.6.1-8.12.1
python3-lasso-2.6.1-8.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
liblasso-devel-2.6.1-8.12.1
liblasso3-2.6.1-8.12.1
python3-lasso-2.6.1-8.12.1

Ссылки

Описание

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:liblasso-devel-2.6.1-8.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:liblasso3-2.6.1-8.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:python3-lasso-2.6.1-8.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:liblasso-devel-2.6.1-8.12.1
Ссылки

Описание

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:liblasso-devel-2.6.1-8.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:liblasso3-2.6.1-8.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:python3-lasso-2.6.1-8.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:liblasso-devel-2.6.1-8.12.1
Ссылки

Описание

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:liblasso-devel-2.6.1-8.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:liblasso3-2.6.1-8.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:python3-lasso-2.6.1-8.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:liblasso-devel-2.6.1-8.12.1
Ссылки

Описание

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:liblasso-devel-2.6.1-8.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:liblasso3-2.6.1-8.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:python3-lasso-2.6.1-8.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:liblasso-devel-2.6.1-8.12.1
Ссылки