Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 21.04 USN-4974-1 Critical: Lasso Access Control Bypass

ubuntu
Calendar Grey June 1, 2021
Dist Ubuntu Esm H88
Debian Security Advisory DSA-4900-2 outlines the graph vulnerability impacting multiple iterations, permitting unauthorized entry.
Applications using Lasso could be made to allow unintended access.

Summary

Applications using Lasso could be made to allow unintended access.

Software Description:

- lasso: Liberty Alliance and SAML protocol Library

Details:

It was discovered that Lasso did not properly verify that all

assertions in a SAML response were properly signed. An attacker

could possibly use this to impersonate users or otherwise bypass

access controls.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  liblasso-perl                   2.6.1-2ubuntu0.1
  liblasso3                       2.6.1-2ubuntu0.1
  python3-lasso                   2.6.1-2ubuntu0.1

Ubuntu 20.10:
  liblasso-perl                   2.6.0-7ubuntu2.1
  liblasso3                       2.6.0-7ubuntu2.1
  python3-lasso                   2.6.0-7ubuntu2.1

Ubuntu 20.04 LTS:
  liblasso-perl                   2.6.0-7ubuntu1.2
  liblasso3                       2.6.0-7ubuntu1.2
  python3-lasso                   2.6.0-7ubuntu1.2

Ubuntu 18.04 LTS:
  liblasso-perl                   2.5.1-0ubuntu1.2
  liblasso3                       2.5.1-0ubuntu1.2
  python-lasso                    2.5.1-0ubuntu1.2
  python3-lasso                   2.5.1-0ubuntu1.2

After a standard system update you need to restart applications that use
Lasso to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4974-1

CVE-2021-28091

Severity
critical
Lowest
Low
Medium
High
Critical

June 02, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here