35 matches found
MiracleLinux 7 : lasso-2.5.1-8.0.1.el7.AXS7 (AXSA:2021-2283:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2283:01 advisory. lasso: XML signature wrapping vulnerability when parsing SAML responses CVE-2021-28091 Tenable has extracted the preceding description block directly from th...
CVE-2021-28091 affecting package lasso for versions less than 2.8.0-1
CVE-2021-28091 affecting package lasso for versions less than 2.8.0-1. An upgraded version of the package is available that resolves this issue...
NewStart CGSL CORE 5.04 / MAIN 5.04 : lasso Vulnerability (NS-SA-2022-0011)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has lasso packages installed that are affected by a vulnerability: - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. CVE-2021-28091 Note that Nessus has not tested for this issue but ha...
NewStart CGSL CORE 5.05 / MAIN 5.05 : lasso Vulnerability (NS-SA-2022-0046)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has lasso packages installed that are affected by a vulnerability: - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. CVE-2021-28091 Note that Nessus has not tested for this issue but ha...
AlmaLinux 8 : lasso (ALSA-2021:4325)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4325 advisory. - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. CVE-2021-28091 Note that Nessus has not tested for this issue but has...
RHEL 8 : lasso (RHSA-2021:4325)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4325 advisory. The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2...
Moderate: Red Hat Security Advisory: lasso security and enhancement update
An update for lasso is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: lasso security and enhancement update
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. Security Fixes: lasso: XML...
Huawei EulerOS: Security Advisory for lasso (EulerOS-SA-2021-2589)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : lasso (EulerOS-SA-2021-2589)
According to the versions of the lasso packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. CVE-2021-28091 Note that Tenable Network Security has...
Huawei EulerOS: Security Advisory for lasso (EulerOS-SA-2021-2467)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for lasso (EulerOS-SA-2021-2393)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : lasso (ALAS-2021-1529)
The version of lasso installed on the remote host is prior to 2.5.1-8.6. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1529 advisory. An XML Signature Wrapping XSW vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to...
Important: lasso
Issue Overview: An XML Signature Wrapping XSW vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from th...
Huawei EulerOS: Security Advisory for lasso (EulerOS-SA-2021-2337)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:2589-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : lasso (SUSE-SU-2021:2589-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2589-1 advisory. - CVE-2021-28091: Fixed XML signature wrapping vulnerability when parsing SAML responses. bsc1186768 Tenable has extracted the...
Scientific Linux Security Update : lasso on SL7.x i686/x86_64 (2021:2989)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:2989-1 advisory. - lasso: XML signature wrapping vulnerability when parsing SAML responses CVE-2021-28091 Note that Nessus has not tested for this issue but has instead...
Important: Red Hat Security Advisory: lasso security update
An update for lasso is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
lasso security update
2.5.1-8 - Fix Coverity warning introduced by the previous patch - Related: 1963855 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses 2.5.1-7 - Fix Coverity warning introduced by the previous patch - Related: 1963855 - CVE-2021-28091 lasso: XML signature...