Lucene search
OracleLinuxELSA-2021-2989HistoryAug 02, 2021 - 12:00 a.m.
lasso security update
2021-08-0200:00:00
linux.oracle.com
17
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
[2.5.1-8]
- Fix Coverity warning introduced by the previous patch
- Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
vulnerability when parsing SAML responses
[2.5.1-7] - Fix Coverity warning introduced by the previous patch
- Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
vulnerability when parsing SAML responses
[2.5.1-6] - Resolves: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
vulnerability when parsing SAML responses
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | lasso | < 2.5.1-8.el7_9 | lasso-2.5.1-8.el7_9.src.rpm |
| oracle linux | 7 | aarch64 | lasso | < 2.5.1-8.el7_9 | lasso-2.5.1-8.el7_9.aarch64.rpm |
| oracle linux | 7 | aarch64 | lasso-devel | < 2.5.1-8.el7_9 | lasso-devel-2.5.1-8.el7_9.aarch64.rpm |
| oracle linux | 7 | aarch64 | lasso-python | < 2.5.1-8.el7_9 | lasso-python-2.5.1-8.el7_9.aarch64.rpm |
| oracle linux | 7 | src | lasso | < 2.5.1-8.el7_9 | lasso-2.5.1-8.el7_9.src.rpm |
| oracle linux | 7 | i686 | lasso | < 2.5.1-8.el7_9 | lasso-2.5.1-8.el7_9.i686.rpm |
| oracle linux | 7 | x86_64 | lasso | < 2.5.1-8.el7_9 | lasso-2.5.1-8.el7_9.x86_64.rpm |
| oracle linux | 7 | i686 | lasso-devel | < 2.5.1-8.el7_9 | lasso-devel-2.5.1-8.el7_9.i686.rpm |
| oracle linux | 7 | x86_64 | lasso-devel | < 2.5.1-8.el7_9 | lasso-devel-2.5.1-8.el7_9.x86_64.rpm |
| oracle linux | 7 | x86_64 | lasso-python | < 2.5.1-8.el7_9 | lasso-python-2.5.1-8.el7_9.x86_64.rpm |
Related
nessus
nessus
EulerOS 2.0 SP2 : lasso (EulerOS-SA-2021-2393)
2021-09-14 00:00:00
Scientific Linux Security Update : lasso on SL7.x i686/x86_64 (2021:2989)
2021-08-03 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : lasso Vulnerability (NS-SA-2022-0011)
2022-05-09 00:00:00
redhat
redhat
(RHSA-2021:2989) Important: lasso security update
2021-08-02 14:32:12
(RHSA-2021:4325) Moderate: lasso security and enhancement update
2021-11-09 09:01:05
openvas
openvas
openSUSE: Security Advisory for lasso (openSUSE-SU-2021:1057-1)
2021-07-20 00:00:00
Fedora: Security Advisory for lasso (FEDORA-2021-508acb1153)
2021-06-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2589-1)
2021-08-04 00:00:00
ubuntucve
ubuntucve
CVE-2021-28091
2021-06-01 00:00:00
prion
prion
Design/Logic Flaw
2021-06-04 15:15:00
osv
osv
Moderate: lasso security and enhancement update
2021-11-09 09:01:05
lasso - security update
2021-06-10 00:00:00
lasso - security update
2021-06-03 00:00:00
cisco
cisco
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021
2021-06-01 12:30:00
fedora
fedora
[SECURITY] Fedora 33 Update: lasso-2.7.0-1.fc33
2021-06-11 01:20:08
[SECURITY] Fedora 34 Update: lasso-2.7.0-1.fc34
2021-06-11 01:15:56
debian
debian
[SECURITY] [DSA 4926-1] lasso security update
2021-06-03 20:22:41
[SECURITY] [DLA 2684-1] lasso security update
2021-06-10 05:49:35
[SECURITY] [DSA 4926-1] lasso security update
2021-06-03 20:22:41
suse
suse
Security update for lasso (important)
2021-07-20 00:00:00
amazon
amazon
Important: lasso
2021-06-16 20:37:00
Important: lasso
2021-09-02 22:54:00
cve
cve
CVE-2021-28091
2021-06-04 15:15:00
akamaiblog
akamaiblog
Akamai EAA Impersonation Vulnerability - A Deep Dive
2021-06-01 13:00:30
Akamai EAA Impersonation Vulnerability - A Deep Dive
2021-06-01 04:00:00
SAML Implementation Vulnerability Impacting Some Akamai Services
2021-06-01 13:00:00
debiancve
debiancve
CVE-2021-28091
2021-06-04 15:15:00
redhatcve
redhatcve
CVE-2021-28091
2021-06-01 14:19:14
rocky
rocky
lasso security and enhancement update
2021-11-09 09:01:05
almalinux
almalinux
Moderate: lasso security and enhancement update
2021-11-09 09:01:05
ubuntu
ubuntu
Lasso vulnerability
2021-06-02 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-28091 affecting package lasso 2.6.0-25
2022-10-05 17:21:40
f5
f5
K02151228 : Lasso XML signature wrapping vulnerability CVE-2021-28091
2021-06-07 00:00:00
veracode
veracode
Insecure Cryptographic Function
2021-08-13 15:38:08
oraclelinux
oraclelinux
lasso security and enhancement update
2021-11-16 00:00:00
freebsd
freebsd
lasso -- signature checking failure
2021-06-01 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related for ELSA-2021-2989