Oracle Linux Security Advisory ELSA-2025-21404
http://linux.oracle.com/errata/ELSA-2025-21404.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
lasso-2.5.1-8.0.1.el7_9.i686.rpm
lasso-2.5.1-8.0.1.el7_9.x86_64.rpm
lasso-devel-2.5.1-8.0.1.el7_9.i686.rpm
lasso-devel-2.5.1-8.0.1.el7_9.x86_64.rpm
lasso-python-2.5.1-8.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/lasso-2.5.1-8.0.1.el7_9.src.rpm

Related CVEs:
CVE-2025-47151

Description of changes:
[2.5.1-8.0.1]
- Fixes CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso [Orabug: 38658691]

El-errata mailing list
# Security update for lasso

Announcement ID: SUSE-SU-2025:21140-1
Release Date: 2025-11-25T13:27:21Z
Rating: critical

References:
* bsc#1253092
* bsc#1253093
* bsc#1253095

Cross-References:
* CVE-2025-46404
* CVE-2025-46705
* CVE-2025-47151

CVSS scores:
* CVE-2025-46404 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46404 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46404 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46705 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46705 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46705 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47151 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47151 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-47151 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for lasso fixes the following issues:

* CVE-2025-46404: a specially crafted SAML response can lead to a denial of service (bsc#1253092).
* CVE-2025-46705: a specially crafted SAML assertion response can lead to a denial of service (bsc#1253093).
* CVE-2025-47151: a type confusion vulnerability in the lasso_node_impl_init_from_xml functionality can lead to arbitrary code execution (bsc#1253095).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-52=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-52=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * liblasso3-2.8.2-160000.3.1
  * liblasso3-debuginfo-2.8.2-160000.3.1
  * lasso-debuginfo-2.8.2-160000.3.1
  * lasso-debugsource-2.8.2-160000.3.1
  * liblasso-devel-2.8.2-160000.3.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * liblasso3-2.8.2-160000.3.1
  * liblasso3-debuginfo-2.8.2-160000.3.1
  * lasso-debuginfo-2.8.2-160000.3.1
  * lasso-debugsource-2.8.2-160000.3.1
  * liblasso-devel-2.8.2-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46404.html
* https://www.suse.com/security/cve/CVE-2025-46705.html
* https://www.suse.com/security/cve/CVE-2025-47151.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253092
* https://bugzilla.suse.com/show_bug.cgi?id=1253093
* https://bugzilla.suse.com/show_bug.cgi?id=1253095
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4397-1

Keane O'Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.
Oracle Linux Security Advisory ELSA-2025-21462
http://linux.oracle.com/errata/ELSA-2025-21462.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
lasso-2.7.0-11.el9_7.3.i686.rpm
lasso-2.7.0-11.el9_7.3.x86_64.rpm
lasso-devel-2.7.0-11.el9_7.3.i686.rpm
lasso-devel-2.7.0-11.el9_7.3.x86_64.rpm
python3-lasso-2.7.0-11.el9_7.3.x86_64.rpm

aarch64:
lasso-2.7.0-11.el9_7.3.aarch64.rpm
lasso-devel-2.7.0-11.el9_7.3.aarch64.rpm
python3-lasso-2.7.0-11.el9_7.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/lasso-2.7.0-11.el9_7.3.src.rpm

Related CVEs:
CVE-2025-47151

Description of changes:
[2.7.0-11.3]
- Fix CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso
  Resolves: RHEL-126684

El-errata mailing list
Oracle Linux Security Advisory ELSA-2025-21628
http://linux.oracle.com/errata/ELSA-2025-21628.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
lasso-2.6.0-14.el8_10.i686.rpm
lasso-2.6.0-14.el8_10.x86_64.rpm
lasso-devel-2.6.0-14.el8_10.i686.rpm
lasso-devel-2.6.0-14.el8_10.x86_64.rpm
python3-lasso-2.6.0-14.el8_10.x86_64.rpm

aarch64:
lasso-2.6.0-14.el8_10.aarch64.rpm
lasso-devel-2.6.0-14.el8_10.aarch64.rpm
python3-lasso-2.6.0-14.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/lasso-2.6.0-14.el8_10.src.rpm

Related CVEs:
CVE-2025-47151

Description of changes:
[2.6.0-14]
- Fixing CVE-2025-47151
  Resolves: RHEL-126687 CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso

El-errata mailing list
==========================================================================
Ubuntu Security Notice USN-7872-1
November 18, 2025

lasso vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Lasso.

Software Description:
- lasso: Liberty Alliance and SAML protocol Library

Details:

It was discovered that Lasso incorrectly handled certain malformed SAML responses. A remote attacker could possibly use this issue to cause Lasso to crash, resulting in a denial of service. (CVE-2025-46404)

It was discovered that Lasso incorrectly handled certain malformed SAML assertion responses. A remote attacker could possibly use this issue to cause Lasso to crash, resulting in a denial of service. (CVE-2025-46705)

It was discovered that Lasso incorrectly handled certain malformed SAML responses. A remote attacker could possibly use this issue to cause Lasso to consume memory, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2025-46784)

It was discovered that Lasso incorrectly handled certain malformed SAML responses. A remote attacker could use this issue to cause Lasso to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-47151)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
  liblasso-perl                   2.8.2-8ubuntu0.1
  liblasso3t64                    2.8.2-8ubuntu0.1
  python3-lasso                   2.8.2-8ubuntu0.1

Ubuntu 24.04 LTS
  liblasso-perl                   2.8.2-2ubuntu0.1
  liblasso3t64                    2.8.2-2ubuntu0.1
  python3-lasso                   2.8.2-2ubuntu0.1

Ubuntu 22.04 LTS
  liblasso-perl                   2.7.0-2ubuntu0.1
  liblasso3                       2.7.0-2ubuntu0.1
  python3-lasso                   2.7.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-7872-1
  CVE-2025-46404, CVE-2025-46705, CVE-2025-46784, CVE-2025-47151

Package Information:
  https://launchpad.net/ubuntu/+source/lasso/2.8.2-8ubuntu0.1
  https://launchpad.net/ubuntu/+source/lasso/2.8.2-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/lasso/2.7.0-2ubuntu0.1
-------------------------------------------------------------------------
Debian Security Advisory DSA-6058-1

Keane O'Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.
# Security update for lasso

Announcement ID: SUSE-SU-2025:4094-1
Release Date: 2025-11-13T23:34:51Z
Rating: critical

References:
* bsc#1253092
* bsc#1253093
* bsc#1253094
* bsc#1253095

Cross-References:
* CVE-2025-46404
* CVE-2025-46705
* CVE-2025-46784
* CVE-2025-47151

CVSS scores:
* CVE-2025-46404 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46404 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46404 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46705 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46705 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46705 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46784 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46784 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46784 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47151 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47151 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-47151 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities can now be installed.
## Description:

This update for lasso fixes the following issues:

* CVE-2025-46784: Fixed memory exhaustion in Entr'ouvert Lasso (bsc#1253094)
* CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso (bsc#1253092)
* CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso (bsc#1253093)
* CVE-2025-47151: Fixed type confusion vulnerability in the lasso_node_impl_init_from_xml functionality (bsc#1253095)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-4094=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4094=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * liblasso-devel-2.6.1-8.12.1
  * liblasso3-2.6.1-8.12.1
  * python3-lasso-2.6.1-8.12.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * liblasso-devel-2.6.1-8.12.1
  * liblasso3-2.6.1-8.12.1
  * python3-lasso-2.6.1-8.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46404.html
* https://www.suse.com/security/cve/CVE-2025-46705.html
* https://www.suse.com/security/cve/CVE-2025-46784.html
* https://www.suse.com/security/cve/CVE-2025-47151.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253092
* https://bugzilla.suse.com/show_bug.cgi?id=1253093
* https://bugzilla.suse.com/show_bug.cgi?id=1253094
* https://bugzilla.suse.com/show_bug.cgi?id=1253095