==========================================================================
Ubuntu Security Notice USN-7872-1
November 18, 2025
lasso vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Lasso.
Software Description:
- lasso: Liberty Alliance and SAML protocol Library
Details:
It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could possibly use this issue to cause Lasso
to crash, resulting in a denial of service. (CVE-2025-46404)
It was discovered that Lasso incorrectly handled certain malformed SAML
assertion responses. A remote attacker could possibly use this issue to
cause Lasso to crash, resulting in a denial of service. (CVE-2025-46705)
It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could possibly use this issue to cause Lasso
to consume memory, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS. (CVE-2025-46784)
It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could use this issue to cause Lasso to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2025-47151)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
liblasso-perl 2.8.2-8ubuntu0.1
liblasso3t64 2.8.2-8ubuntu0.1
python3-lasso 2.8.2-8ubuntu0.1
Ubuntu 24.04 LTS
liblasso-perl 2.8.2-2ubuntu0.1
liblasso3t64 2.8.2-2ubuntu0.1
python3-lasso 2.8.2-2ubuntu0.1
Ubuntu 22.04 LTS
liblasso-perl 2.7.0-2ubuntu0.1
liblasso3 2.7.0-2ubuntu0.1
python3-lasso 2.7.0-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7872-1
CVE-2025-46404, CVE-2025-46705, CVE-2025-46784, CVE-2025-47151
Package Information:
https://launchpad.net/ubuntu/+source/lasso/2.8.2-8ubuntu0.1
https://launchpad.net/ubuntu/+source/lasso/2.8.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/lasso/2.7.0-2ubuntu0.1
No comments:
Post a Comment