ELSA-2021-4325

ULN >
Oracle Linux Errata repository >
ELSA-2021-4325

ELSA-2021-4325 - lasso security and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2021-11-16

Description

[2.6.0-12]
- Fix a dead code issue in the signature wrapping patch
- Resolves: rhbz#1951653 - CVE-2021-28091 lasso: XML signature wrapping
vulnerability when parsing SAML responses [rhel-8]

[2.6.0-11]
- Bump release to force the package through OSCI as the previous
build reached CI just in time for an outage
- Related: rhbz#1888195 - [RFE] release (built) python3-lasso pkg (comingfrom lasso)

[2.6.0-10]
- Resolves: rhbz#1951653 - CVE-2021-28091 lasso: XML signature wrapping
vulnerability when parsing SAML responses [rhel-8]

[2.6.0-9]
- Resolves: rhbz#1888195 - [RFE] release (built) python3-lasso pkg (coming
from lasso)

Related CVEs

CVE-2021-28091

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	lasso-2.6.0-12.el8.src.rpm	e3996c35f2a94bfb920a0198aeb7cee33f997ab977bf0302893a267ae5f3000d	-	ol8_aarch64_appstream
	lasso-2.6.0-12.el8.src.rpm	e3996c35f2a94bfb920a0198aeb7cee33f997ab977bf0302893a267ae5f3000d	-	ol8_aarch64_codeready_builder
	lasso-2.6.0-12.el8.src.rpm	e3996c35f2a94bfb920a0198aeb7cee33f997ab977bf0302893a267ae5f3000d	-	ol8_aarch64_distro_builder
	lasso-2.6.0-12.el8.aarch64.rpm	cd5bb2dc1d601cd613e498349a37de27aaa6a2b82e08d432a2dff56ad67b8aed	-	ol8_aarch64_appstream
	lasso-devel-2.6.0-12.el8.aarch64.rpm	17c6c4f9e483c8521bdf6e072b6fb959f7a430c5ffce6a1b08ccb033a79e96c4	-	ol8_aarch64_codeready_builder
	lasso-devel-2.6.0-12.el8.aarch64.rpm	17c6c4f9e483c8521bdf6e072b6fb959f7a430c5ffce6a1b08ccb033a79e96c4	-	ol8_aarch64_distro_builder

Oracle Linux 8 (x86_64)	lasso-2.6.0-12.el8.src.rpm	e3996c35f2a94bfb920a0198aeb7cee33f997ab977bf0302893a267ae5f3000d	-	ol8_x86_64_appstream
	lasso-2.6.0-12.el8.src.rpm	e3996c35f2a94bfb920a0198aeb7cee33f997ab977bf0302893a267ae5f3000d	-	ol8_x86_64_codeready_builder
	lasso-2.6.0-12.el8.src.rpm	e3996c35f2a94bfb920a0198aeb7cee33f997ab977bf0302893a267ae5f3000d	-	ol8_x86_64_distro_builder
	lasso-2.6.0-12.el8.i686.rpm	6b17cc49bc4d07498af663e8197def0b0226b46efd7e4089f2ee93508e10e47d	-	ol8_x86_64_appstream
	lasso-2.6.0-12.el8.x86_64.rpm	7804d4589d04793677f4285f27780257e5a9de507c1545a6982f34e77834bc48	-	ol8_x86_64_appstream
	lasso-devel-2.6.0-12.el8.i686.rpm	5b111b5eb94db3e982a9a53b2497d77c6482b3b5cb90716352b5a9792b817139	-	ol8_x86_64_codeready_builder
	lasso-devel-2.6.0-12.el8.x86_64.rpm	0fd98a1da56dd24e5b2159eabc68bab680a467c84b6ebdfda986f281ccc4db08	-	ol8_x86_64_codeready_builder
	lasso-devel-2.6.0-12.el8.x86_64.rpm	0fd98a1da56dd24e5b2159eabc68bab680a467c84b6ebdfda986f281ccc4db08	-	ol8_x86_64_distro_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691