| Package | lasso |
|---|---|
| Version | 2.5.0-5+deb9u2 (stretch), 2.6.0-2+deb10u2 (buster) |
| Related CVEs | CVE-2025-46404, CVE-2025-46705, CVE-2025-46784, CVE-2025-47151 |

Keane O’Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.
For Debian 10 buster, these problems have been fixed in version 2.6.0-2+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 2.5.0-5+deb9u2.
We recommend that you upgrade your lasso packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.