Home / mailingsPDF  

[USN-7872-1] Lasso vulnerabilities

Posted on 18 November 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7872-1
November 18, 2025

lasso vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Lasso.

Software Description:
- lasso: Liberty Alliance and SAML protocol Library

Details:

It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could possibly use this issue to cause Lasso
to crash, resulting in a denial of service. (CVE-2025-46404)

It was discovered that Lasso incorrectly handled certain malformed SAML
assertion responses. A remote attacker could possibly use this issue to
cause Lasso to crash, resulting in a denial of service. (CVE-2025-46705)

It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could possibly use this issue to cause Lasso
to consume memory, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS. (CVE-2025-46784)

It was discovered that Lasso incorrectly handled certain malformed SAML
responses. A remote attacker could use this issue to cause Lasso to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2025-47151)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
liblasso-perl 2.8.2-8ubuntu0.1
liblasso3t64 2.8.2-8ubuntu0.1
python3-lasso 2.8.2-8ubuntu0.1

Ubuntu 24.04 LTS
liblasso-perl 2.8.2-2ubuntu0.1
liblasso3t64 2.8.2-2ubuntu0.1
python3-lasso 2.8.2-2ubuntu0.1

Ubuntu 22.04 LTS
liblasso-perl 2.7.0-2ubuntu0.1
liblasso3 2.7.0-2ubuntu0.1
python3-lasso 2.7.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7872-1
CVE-2025-46404, CVE-2025-46705, CVE-2025-46784, CVE-2025-47151

Package Information:
https://launchpad.net/ubuntu/+source/lasso/2.8.2-8ubuntu0.1
https://launchpad.net/ubuntu/+source/lasso/2.8.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/lasso/2.7.0-2ubuntu0.1

--===============1483145868764786787==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :