The package is a library that implements the Liberty Alliance Single Sign On standards, including the SAML2 and SAML specifications. It provides bindings for multiple languages and allows handling the whole life-cycle of SAML based Federations.
Security Fix(es):
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. (CVE-2025-46404)
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. (CVE-2025-46705)
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability. (CVE-2025-47151)
{
"severity": "Critical"
}
{
"x86_64": [
"lasso-2.8.2-3.oe2403sp2.x86_64.rpm",
"lasso-debuginfo-2.8.2-3.oe2403sp2.x86_64.rpm",
"lasso-debugsource-2.8.2-3.oe2403sp2.x86_64.rpm",
"lasso-devel-2.8.2-3.oe2403sp2.x86_64.rpm",
"lasso-help-2.8.2-3.oe2403sp2.x86_64.rpm",
"perl-lasso-2.8.2-3.oe2403sp2.x86_64.rpm",
"python3-lasso-2.8.2-3.oe2403sp2.x86_64.rpm"
],
"aarch64": [
"lasso-2.8.2-3.oe2403sp2.aarch64.rpm",
"lasso-debuginfo-2.8.2-3.oe2403sp2.aarch64.rpm",
"lasso-debugsource-2.8.2-3.oe2403sp2.aarch64.rpm",
"lasso-devel-2.8.2-3.oe2403sp2.aarch64.rpm",
"lasso-help-2.8.2-3.oe2403sp2.aarch64.rpm",
"perl-lasso-2.8.2-3.oe2403sp2.aarch64.rpm",
"python3-lasso-2.8.2-3.oe2403sp2.aarch64.rpm"
],
"src": [
"lasso-2.8.2-3.oe2403sp2.src.rpm"
]
}