lasso-2.5.1-8.0.1.el7.AXS7
エラータID: AXSA:2021-2283:01
Release date:
Tuesday, August 3, 2021 - 11:30
Subject:
lasso-2.5.1-8.0.1.el7.AXS7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.
Security Fix(es):
* lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-28091
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
Solution:
Update packages.
CVEs:
CVE-2021-28091
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
Additional Info:
N/A
Download:
SRPMS
- lasso-2.5.1-8.0.1.el7.AXS7.src.rpm
MD5: f40bc1277290dc3067770e2079d788aa
SHA-256: c385fa34c9dbac8a46d07b7d7d40b50e829230d6cc90bc6f23ef2c64c70c288a
Size: 4.34 MB
Asianux Server 7 for x86_64
- lasso-2.5.1-8.0.1.el7.AXS7.x86_64.rpm
MD5: 26ac832eee5aa8533bbc616a7e194b52
SHA-256: ad3b57ae1f427d4a2ef11aa7bbb7732f3ccb2feccba253a5b03946e06e5e4a69
Size: 191.55 kB - lasso-python-2.5.1-8.0.1.el7.AXS7.x86_64.rpm
MD5: 3adc779ad9cee6b8f9631909027b3f38
SHA-256: 417b896cfc1e0c29cbe529e907274150fa38118ddf747868b72911948743b153
Size: 170.59 kB - lasso-2.5.1-8.0.1.el7.AXS7.i686.rpm
MD5: 245918549acc4b9b67156f343bbeef83
SHA-256: 48a2e9d19a40b0106065c698737617b4869d709e61238f2e5c1428b8610b3570
Size: 186.58 kB