lasso-2.6.0-14.el8_10

エラータID: AXSA:2025-11103:01

Release date: 
Thursday, November 20, 2025 - 14:12
Subject: 
lasso-2.6.0-14.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.

Security Fix(es):

* lasso: Type confusion in Entr'ouvert Lasso (CVE-2025-47151)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-47151
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Solution: 

Update packages.

CVEs: 
CVE-2025-47151
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. lasso-2.6.0-14.el8_10.src.rpm
    MD5: bbd54643746d18c10179d3fc9a076738
    SHA-256: 404deb30a77816e4947cab66ef645641d52d9f9efd784dcfe95d544e667adaad
    Size: 4.25 MB

Asianux Server 8 for x86_64
  1. lasso-2.6.0-14.el8_10.i686.rpm
    MD5: e80855bf51d0c7c25b022c844aea3dd8
    SHA-256: 740246fd656b8da68b6f73992b66a3707ad75e257a2bb625a6a071b5e8eb1a9d
    Size: 218.28 kB
  2. lasso-2.6.0-14.el8_10.x86_64.rpm
    MD5: 98554c172b5ccec3e479dfd4b9dc6472
    SHA-256: c9d94673dcbb549d6caebcad2f2ba20a2cd6a72dfd7995dab18387a4f7138764
    Size: 205.57 kB
  3. lasso-devel-2.6.0-14.el8_10.i686.rpm
    MD5: f503b82319043dd13e11591b308eab2f
    SHA-256: cef7f5f3b0380e2fff4c9326c9e834541372769f3615f1a94067df5e39a063cc
    Size: 89.88 kB
  4. lasso-devel-2.6.0-14.el8_10.x86_64.rpm
    MD5: 349ad9e9e8fc351b0edd7b767fb4b03d
    SHA-256: c99a7b4e78d443a1b059422f5201d630a14d41e3d23fb48285b1517c92b9f315
    Size: 89.85 kB
  5. python3-lasso-2.6.0-14.el8_10.x86_64.rpm
    MD5: 9ac7aa34fd0389b4037eb6b92e0606d8
    SHA-256: 80b9148f8604565cae9f5e29e3ab0da6d6bdcc47c2550212b69a557730586ff6
    Size: 189.68 kB