Description:
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.
Security Fix(es):
* lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
lasso-2.6.0-12.el8.aarch64.rpm |
32cea56bc0c21730fd725e07d0c24d9df242fa451878fd2f254c3d4c78a97903 |
| aarch64 |
lasso-devel-2.6.0-12.el8.aarch64.rpm |
79743097671a0e4a35a66dd91684775087f208382881bfcc7e26f43e4bdd637a |
| i686 |
lasso-devel-2.6.0-12.el8.i686.rpm |
30c6adba7b80bfdea2a4cd354a09865a6fdce9c2cce4c1d3c61c670e54139b7f |
| i686 |
lasso-2.6.0-12.el8.i686.rpm |
3d3f0070071bebb9845c5cb37ce5c91fa14977d0e1812da6c91a5213e2d387e8 |
| ppc64le |
lasso-devel-2.6.0-12.el8.ppc64le.rpm |
12fcad1b4a5c84e3d5702b0b2e77b3af2d372327a6d5fcdee71953234d942b56 |
| ppc64le |
lasso-2.6.0-12.el8.ppc64le.rpm |
fa6797c4d4b1a555e613842cabf3c54f63fc6c089c89eaa2c6045147ed7d066a |
| x86_64 |
lasso-2.6.0-12.el8.x86_64.rpm |
055e423ff6bba3798df7f29bf637442d13ba53854328c453ff42ac660eebca9b |
| x86_64 |
lasso-devel-2.6.0-12.el8.x86_64.rpm |
15a8b753274f639801b8813ae80b50d190518c6b5d4e8c5ff89b9e270734def7 |
