
Debian has released security updates for the LASSO library, which implements the Liberty Alliance and SAML protocols. The updates address multiple vulnerabilities discovered by Keane O'Kelley that could lead to denial of service or arbitrary code execution. Affected releases are Debian GNU/Linux 11 (Bullseye) LTS, fixed in version 2.6.1-3+deb11u1, and Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS, which receive separate fixed versions. Users are advised to upgrade their LASSO packages to the fixed version for their release.

[DLA 4397-1] lasso security update
ELA-1590-1 lasso security update




[SECURITY] [DLA 4397-1] lasso security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4397-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
December 08, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : lasso
Version : 2.6.1-3+deb11u1
CVE ID : CVE-2025-46404 CVE-2025-46705 CVE-2025-46784 CVE-2025-47151

Keane O'Kelley discovered several vulnerabilities in lasso, a library
implementing Liberty Alliance and SAML protocols, which could result
in denial of service or the execution of arbitrary code.

For Debian 11 bullseye, these problems have been fixed in version
2.6.1-3+deb11u1.

We recommend that you upgrade your lasso packages.

For the detailed security status of lasso please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lasso

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1590-1 lasso security update


Package : lasso
Version : 2.5.0-5+deb9u2 (stretch), 2.6.0-2+deb10u2 (buster)
Related CVEs : CVE-2025-46404 CVE-2025-46705 CVE-2025-46784 CVE-2025-47151



Keane O’Kelley discovered several vulnerabilities in lasso, a library
implementing Liberty Alliance and SAML protocols, which could result in
denial of service or the execution of arbitrary code.

