Debian: DSA-4926-1: lasso security update | LinuxSecurity.com


-------------------------------------------------------------------------
Debian Security Advisory DSA-4926-1                   [email protected]
https://www.debian.org/security/                     Salvatore Bonaccorso
June 03, 2021                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : lasso
CVE ID         : CVE-2021-28091

It was discovered that lasso, a library which implements SAML 2.0 and
Liberty Alliance standards, did not properly verify that all assertions
in a SAML response were properly signed, allowing an attacker to
impersonate users or bypass access control.

For the stable distribution (buster), this problem has been fixed in
version 2.6.0-2+deb10u1.

We recommend that you upgrade your lasso packages.

For the detailed security status of lasso please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/lasso

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
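
The condition described in the advisory, written as a relying-party pre-check (an added example, not lasso's code and not the Debian patch): it lists every top-level assertion in a SAML response that no signature claims to cover, so the response can be rejected before any assertion is trusted. The function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def referenced_id(element):
    """ID named by the Reference of a ds:Signature that is a direct child of element."""
    ref = element.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    return uri[1:] if uri.startswith("#") else None

def uncovered_assertions(response_xml):
    """Return the IDs of top-level assertions that no signature claims to cover.

    Structural pre-check only: every signature found here must still be verified
    cryptographically against the trusted IdP key by an XML-DSig library.
    """
    if "<!DOCTYPE" in response_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    rid = root.get("ID")
    if rid and referenced_id(root) == rid:
        return []  # one signature over the whole response covers every assertion
    missing = []
    for assertion in root.findall("saml:Assertion", NS):
        aid = assertion.get("ID")
        # An assertion counts as covered only if its own signature references its own ID.
        if not aid or referenced_id(assertion) != aid:
            missing.append(aid)
    return missing

# Constructed sample input (not a captured message; signature values omitted).
def make_assertion(aid, signed):
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/>'
           '</ds:SignedInfo></ds:Signature>' % aid) if signed else ""
    return '<saml:Assertion ID="%s">%s<saml:Subject/></saml:Assertion>' % (aid, sig)

def make_response(*assertions):
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return '<samlp:Response %s ID="r1">%s</samlp:Response>' % (xmlns, "".join(assertions))

if __name__ == "__main__":
    mixed = make_response(make_assertion("a1", True), make_assertion("a2", False))
    print(uncovered_assertions(mixed))
```

A non-empty result means the response should be rejected outright rather than processed using only the assertions that did verify.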
