Debian Security Advisory DSA 1700-1 (lasso) Network Vulnerability

Summary

The remote host is missing an update to lasso announced via advisory DSA 1700-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201700-1

Insight

It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL's DSA_verify() function. For the stable distribution (etch), this problem has been fixed in version 0.6.5-3+etch1. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 2.2.1-2. We recommend that you upgrade your lasso package.

Severity

Classification

CVE CVE-2009-0050

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1071-1 (mysql)
Debian Security Advisory DSA 068-1 (openldap)
Debian Security Advisory DSA 1111-1 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 055-1 (gftp)
Debian Security Advisory DSA 037-1 (nextaw, xaw3d, xaw95)

Take action and discover your vulnerabilities