Debian Security Advisory DSA 1700-1 (lasso) Network Vulnerability

Summary

The remote host is missing an update to lasso announced via advisory DSA 1700-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201700-1

Insight

It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL's DSA_verify() function. For the stable distribution (etch), this problem has been fixed in version 0.6.5-3+etch1. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 2.2.1-2. We recommend that you upgrade your lasso package.

Severity

Classification

CVE CVE-2009-0050
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1025-1 (dia)
Debian Security Advisory DSA 007-1 (zope)
Debian Security Advisory DSA 1077-1 (lynx-ssl)
Debian Security Advisory DSA 1023-1 (kaffeine)
Debian Security Advisory DSA 1102-1 (pinball)

Take action and discover your vulnerabilities