ELBA-2024-16080
- ULN >
- Oracle Linux Errata repository >
- ELBA-2024-16080
ELBA-2024-16080 - lasso-epel Bug Fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2024-01-06 |
Description
[2.5.1-8]
- Convert to lasso-epel package to ship missing perl-lasso subpackage rhbz#2251952
[2.5.1-8]
- Fix Coverity warning introduced by the previous patch
- Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
vulnerability when parsing SAML responses
[2.5.1-7]
- Fix Coverity warning introduced by the previous patch
- Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
vulnerability when parsing SAML responses
[2.5.1-6]
- Resolves: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
vulnerability when parsing SAML responses
[2.5.1-5]
- Resolves: #1719014 - Expired certificate prevents tests from running
- Actually apply the patch file for the previous build
- Related: #1730009 - lasso includes 'Destination' attribute in SAML
AuthnRequest populated with SP
AssertionConsumerServiceURL when ECP workflow
is used which leads to IdP-side errors
[2.5.1-4]
- Resolves: #1730009 - lasso includes 'Destination' attribute in SAML
AuthnRequest populated with SP
AssertionConsumerServiceURL when ECP workflow
is used which leads to IdP-side errors
[2.5.1-3]
- Resolves: #1634267 - ECP signature check fails with
LASSO_DS_ERROR_SIGNATURE_NOT_FOUND when assertion signed
instead of response
[2.5.1-2]
- Rebase to upstream 2.5.1
Resolves: #1310860
- add validate_idp_list_test patch
[2.5.1-1]
- Rebase to upstream 2.5.1
Resolves: #1310860
[2.5.0-1]
- Rebase to upstream, now includes our ECP patches, no need to patch any more
Resolves: #1205342
[2.4.1-8]
- Add explicit minimum dependency on glib2 2.42,
for some reason RPM is not automatically detecting the dependency
Resolves: #1254989
[2.4.1-7]
- Add ECP support, brings Lasso up to current upstream tip + revised ECP patches
Resolves: #1205342
[2.4.1-6]
- Add ECP support, brings Lasso up to current upstream tip + ECP patches
Resolves: #1205342
[2.4.1-5]
- Add support for ADFS interoperability
- Resolves: #1160803
[2.4.1-4]
- Add missing covscan related patches previously sent upstream
- Related: #1120360
[2.4.1-3]
- ppc4le fails to build without autoreconf being run first
- Resolves: #1140419
[2.4.1-2]
- Import packge in RHEL7
- Resolves: #1120360
[2.4.1-1]
- New upstream relase 2.4.1
- Drop patches as they have all been integrated upstream
[2.4.0-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
[2.4.0-4]
- rebuild for https://fedoraproject.org/wiki/Changes/Php56
- add numerical prefix to extension configuration file
- drop unneeded dependency on pecl
- add provides php-lasso
[2.4.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
[2.4.0-2]
- Fixes for arches where pointers and integers do not have the same size
(ppc64, s390, etc..)
[2.4.0-1]
- Use OpenJDK instead of GCJ for java bindings
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (x86_64) | lasso-epel-2.5.1-8.el7.src.rpm | dc30f8f294f31d6ddef1b4f4135c953ee6bed4d7eea0c4a19e5d44d398871542 | - | ol7_x86_64_developer_EPEL |
| perl-lasso-2.5.1-8.el7.x86_64.rpm | 10376e657431557e5cc1a4a4a0925a009a2a9d6b968bb7756d265abd996efb9d | - | ol7_x86_64_developer_EPEL | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
