Download
| Alert*
oval:org.secpod.oval:def:89045481
This update for lasso fixes the following issues: - CVE-2021-28091: Fixed XML signature wrapping vulnerability when parsing SAML responses oval:org.secpod.oval:def:506454 The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. Security Fix: * lasso: XML signa ... oval:org.secpod.oval:def:506277 The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. Security Fix: * lasso: XML signa ... oval:org.secpod.oval:def:1601466 An XML Signature Wrapping vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to ... oval:org.secpod.oval:def:120333 Lasso is a library that implements the Liberty Alliance Single Sign On standards, including the SAML and SAML2 specifications. It allows to handle the whole life-cycle of SAML based Federations, and provides bindings for multiple languages. oval:org.secpod.oval:def:120332 Lasso is a library that implements the Liberty Alliance Single Sign On standards, including the SAML and SAML2 specifications. It allows to handle the whole life-cycle of SAML based Federations, and provides bindings for multiple languages. oval:org.secpod.oval:def:605549 It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control. oval:org.secpod.oval:def:706033 lasso: Liberty Alliance and SAML protocol Library Applications using Lasso could be made to allow unintended access. oval:org.secpod.oval:def:73658 It was discovered that liblasso3-dev, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control. oval:org.secpod.oval:def:73436 lasso: Liberty Alliance and SAML protocol Library Applications using Lasso could be made to allow unintended access. oval:org.secpod.oval:def:4500047 The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. For more details about the secur ... oval:org.secpod.oval:def:2106678 Oracle Solaris 11 - ( CVE-2021-28091 ) oval:org.secpod.oval:def:1505041 [2.5.1-8] - Fix Coverity warning introduced by the previous patch - Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses [2.5.1-7] - Fix Coverity warning introduced by the previous patch - Related: #1963855 - CVE-2021-28091 lasso: XML signature w ... oval:org.secpod.oval:def:1505268 [2.6.0-12] - Fix a dead code issue in the signature wrapping patch - Resolves: rhbz#1951653 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses [rhel-8] [2.6.0-11] - Bump release to force the package through OSCI as the previous build reached CI just in time for ... oval:org.secpod.oval:def:2500225 The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. oval:org.secpod.oval:def:1700640 An XML Signature Wrapping vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to ... |