Debian DSA-1700-1 : lasso - incorrect API usage

It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL's DSAverify function. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

[SECURITY] [DSA 1700-1] New lasso packages fix validation bypass

------------------------------------------------------------------------ Debian Security Advisory DSA-1700-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 11, 2009 http://www.debian.org/security/faq -...