xsBNBGao8McBCAD/mTHpWpp0rMyhX+xQYmuj1DoCiadFZysyAyKIFXODXRSOAQ58
YTf6BEuhPtEamZq+aJEGOTBJmUZxvGMv0Fo5yBN+OGoMA2CJQwxWQCZCptfivOCI
D5p2eANebDVXpZHHgpNwCyFVZR/UfSLMqX/y2wEi1AC4CKc3ihFBWdMJVdDk6zz0
4g/x4w76CZczUpe17QWD1XuAWUxmaVGM/TiKjktq3Lp6yZrb0QSYjCovXAGwfBmz
beludDi+EMDmh76PeKWfqQ38QSPEvN+Lv6OTjPWDfilfuOPpDZA2gsjNj3TaBllL
k9YW98OrqsbegQ0BhPgoPYQ3S15ikv53M8o/ABEBAAHNKUp1bGlhIFNhcnJpcyA8
anVsaWEuc2FycmlzQGNhbm9uaWNhbC5jb20+wsCRBBMBCgA7FiEEOMd9M4Vpc6WH
Yvv+QB78vNoP8b0FAmao8McCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
CgkQQB78vNoP8b3fXQf6Awx8Nd5FkMMGdrWqBjIPZv1Ogkka2+PiIqwqcIeQGvam
V/bpIKOCb4QOS4kgQ+hNS1mmK+T/aWXRCYhiBIPAOIbo7jcMGxNz7V3+43RxlNVl
zt3feYM/QAJmgK8bjdCzI5ZQHiyX8pgOieCylRrcjroQHa9CxHej4aJGCaPGLFGo
81lYWJm21NP4LJTLk03ncJT8Ss64R28cOWUHujysxftAPHVYpPLdlwuJ3lgC8M5n
eq0qwsv22j62ldd/J7u2psRSczaU1ve/TfX71ZCyZZiw2Tm5HvaskD+CilXOaL2H
+KediuEtkQk5KKQikg2XtjbqCYyIxQT50v1TIu86ss7ATQRmqPDHAQgA5zGDufJq
9MhhDPJqM3Qz4kQXLKDXz2l5EovU5olrYerGmskpUBUSwfgAeBu9gMP5Y24spir3
eMm6O7m8EJsihMPCw4Iblzi9YZZX1TY3wegRXFIiaqW5kELnjhVnRpS9WQi9FDd9
gGPp7X3iQ8/B6+nyHitqhcj2A+Vpk5HaguY8zl3yEOwFnud5TEbSb/xYz7DhX5uv
B/FZ9rgn+j2N0hC/RVN1MpSRHZEbOCfpaYr/teiQexOWBlVVnZgCkHb9F0NiNImv
dXVZ18jY5wfgxemfgm8l4nDUlSMUIMiwGYekPMEuYvoDNPwfzzlYHKrVoqp54KMd
JALMUar1bVZtxQARAQABwsB2BBgBCgAgFiEEOMd9M4Vpc6WHYvv+QB78vNoP8b0F
Amao8McCGwwACgkQQB78vNoP8b10+ggA8nW+R2g9BDvkpurM0lwpaCtgKbaENIGg
lpxNXEEUEW7AaR4Mme+4PA/SdpWrFzVa0OGhqtZxkovUZXpgiLlx5/eR1Bl+TUuO
rjZkjGBy3r2Ce1JLwKilSZk7Bk45L7QDxA+NOLSFS7ADqzv37J2jhpfczqrYdpSj
kHgUvkapbuB0ONpQ/mhH9UDquY3eMGv3GSrvggVS0mKjR6bMl1plBWcfJ+Y//xQc
6S1bBdjbmwKMZjYbvhTpPbVeUOUdOg/0mYC/3rjSO+2OEn1Q+YIdfGqbLpDAbruG
m7XHtUOXesWorhDMzQGRpj7R+ed/9uJs0Nvg5FqAKTrzh+90ngEGuA==
=Qkbp
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEOMd9M4Vpc6WHYvv+QB78vNoP8b0FAmfulxEFAwAAAAAACgkQQB78vNoP8b27
fggAjQEZrDsvrFXmbCFd6RL9MZtLsE8lKDEnL9YBzGXeoTgu8mMZTvMV+U4yoKWX+8pfQeJu35K5
lgZz2f0y4taCUCyohlYWZDmwTFNZQrIGGUiqht0tw7FocBgQgaOCbLub1Dg37ImEyj01D6hd5ZpY
WffltBePNBG+DbWkg0QDRgX5nC6m9kse3r1Rge1s0+U2MyTfbBzLXkcU+XGV3OizfCrYV8Ijmtgq
ItvN6J10zH2P3BETlfwNKPMzCDqm8n5J0XSGPmomIJgPdOoq8+gqE5i/mc/b8CWJ+eglEcbA0Ux/
pYyKxpwoch5tvHyr6HKYSkBnAOFD7uQAQgwI+G4NVg==
=754k
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7409-1
April 02, 2025
ruby-saml vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in ruby-saml.
Software Description:
- ruby-saml: SAML toolkit for Ruby on Rails
Details:
It was discovered that ruby-saml did not correctly handle XML parsing.
An attacker could possibly use this issue to perform a signature
wrapping attack and bypass authentication. (CVE-2025-25291
and CVE-2025-25292)
It was discovered that ruby-saml did not correctly handle decompressing
SAML responses. An attacker could possibly use this issue to cause
a denial of service. (CVE-2025-25293)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
ruby-saml 1.15.0-1ubuntu0.24.10.2
Ubuntu 24.04 LTS
ruby-saml 1.15.0-1ubuntu0.24.04.1+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
ruby-saml 1.13.0-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ruby-saml 1.11.0-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ruby-saml 1.7.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ruby-saml 1.1.2-1ubuntu1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7409-1
CVE-2025-25291, CVE-2025-25292, CVE-2025-25293
Package Information:
https://launchpad.net/ubuntu/+source/ruby-saml/1.15.0-1ubuntu0.24.10.2
April 02, 2025
ruby-saml vulnerabilities
==============================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in ruby-saml.
Software Description:
- ruby-saml: SAML toolkit for Ruby on Rails
Details:
It was discovered that ruby-saml did not correctly handle XML parsing.
An attacker could possibly use this issue to perform a signature
wrapping attack and bypass authentication. (CVE-2025-25291
and CVE-2025-25292)
It was discovered that ruby-saml did not correctly handle decompressing
SAML responses. An attacker could possibly use this issue to cause
a denial of service. (CVE-2025-25293)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
ruby-saml 1.15.0-1ubuntu0.24.10.2
Ubuntu 24.04 LTS
ruby-saml 1.15.0-1ubuntu0.24.04.1+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
ruby-saml 1.13.0-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ruby-saml 1.11.0-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ruby-saml 1.7.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ruby-saml 1.1.2-1ubuntu1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/no
CVE-2025-25291, CVE-2025-25292, CVE-2025-25293
Package Information:
https://launchpad.net/ubuntu/+
No comments:
Post a Comment