[ALSA-2021:4325] Moderate: lasso security and enhancement update
Type:
security
Severity:
moderate
Release date:
2021-11-12
Description:
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. Security Fix(es): * lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 lasso-2.6.0-12.el8.aarch64.rpm 32cea56bc0c21730fd725e07d0c24d9df242fa451878fd2f254c3d4c78a97903
aarch64 lasso-devel-2.6.0-12.el8.aarch64.rpm 79743097671a0e4a35a66dd91684775087f208382881bfcc7e26f43e4bdd637a
i686 lasso-devel-2.6.0-12.el8.i686.rpm 30c6adba7b80bfdea2a4cd354a09865a6fdce9c2cce4c1d3c61c670e54139b7f
i686 lasso-2.6.0-12.el8.i686.rpm 3d3f0070071bebb9845c5cb37ce5c91fa14977d0e1812da6c91a5213e2d387e8
ppc64le lasso-devel-2.6.0-12.el8.ppc64le.rpm 12fcad1b4a5c84e3d5702b0b2e77b3af2d372327a6d5fcdee71953234d942b56
ppc64le lasso-2.6.0-12.el8.ppc64le.rpm fa6797c4d4b1a555e613842cabf3c54f63fc6c089c89eaa2c6045147ed7d066a
x86_64 lasso-2.6.0-12.el8.x86_64.rpm 055e423ff6bba3798df7f29bf637442d13ba53854328c453ff42ac660eebca9b
x86_64 lasso-devel-2.6.0-12.el8.x86_64.rpm 15a8b753274f639801b8813ae80b50d190518c6b5d4e8c5ff89b9e270734def7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.