Description
Security update for lasso
This update for lasso fixes the following issues:
- CVE-2025-46404: specially crafted SAML response can lead to a denial of service (bsc#1253092).
- CVE-2025-46705: specially crafted SAML assertion response can lead to a denial of service (bsc#1253093).
- CVE-2025-47151: a type confusion vulnerability in the lasso_node_impl_init_from_xml functionality can lead to arbitrary code execution (bsc#1253095).
Package list
openSUSE Leap 16.0
References
- SUSE Security Ratings
- SUSE Bug 1253092
- SUSE Bug 1253093
- SUSE Bug 1253095
- SUSE CVE CVE-2025-46404 page
- SUSE CVE CVE-2025-46705 page
- SUSE CVE CVE-2025-47151 page
Description
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Affected products
References
- CVE-2025-46404
- SUSE Bug 1253092
Description
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Affected products
References
- CVE-2025-46705
- SUSE Bug 1253093
Description
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.
Affected products
References
- CVE-2025-47151
- SUSE Bug 1253095