Several security issues were fixed in Lasso.
Software Description:
- lasso: Liberty Alliance and SAML protocol Library
Details:
It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could possibly use this issue to cause Lasso
to crash, resulting in a denial of service. (CVE-2025-46404)
It was discovered that Lasso incorrectly handled certain malformed SAML
assertion responses. A remote attacker could possibly use this issue to
cause Lasso to crash, resulting in a denial of service. (CVE-2025-46705)
It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could possibly use this issue to cause Lasso
to consume memory, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS. (CVE-2025-46784)
It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could use this issue to cause Lasso to crash,
resulting in a denial of service...
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 liblasso-perl 2.8.2-8ubuntu0.1 liblasso3t64 2.8.2-8ubuntu0.1 python3-lasso 2.8.2-8ubuntu0.1 Ubuntu 24.04 LTS liblasso-perl 2.8.2-2ubuntu0.1 liblasso3t64 2.8.2-2ubuntu0.1 python3-lasso 2.8.2-2ubuntu0.1 Ubuntu 22.04 LTS liblasso-perl 2.7.0-2ubuntu0.1 liblasso3 2.7.0-2ubuntu0.1 python3-lasso 2.7.0-2ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7872-1
CVE-2025-46404, CVE-2025-46705, CVE-2025-46784, CVE-2025-47151
Get the latest Linux and open source security news straight to your inbox.