FortiClient VulnerabilityRedHat lasso CVE-2021-28091 Signature Verification Bypass Vulnerability
Description
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. Security Fix(es): lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258
Affected Applications
lasso
CVE References
CVE-2021-28091Other References
https://access.redhat.com/errata/RHSA-2021:2989| ID | 68750 |
| Created | Aug 07, 2021 |
| Description Updated |
Jan 25, 2024 |
| Risk |
|
| Coverage | FortiClient |
| OS | Linux |
| Vendor | RedHat |
| Patch | auto |
| Application | lasso |