Amazon Linux 2023 Security Advisory: ALAS2023-2025-1285
Advisory Released Date: 2025-11-10
Advisory Updated Date: 2025-11-10
FAQs regarding Amazon Linux ALAS/CVE Severity
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. (CVE-2025-46404)
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. (CVE-2025-46705)
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability. (CVE-2025-47151)
Affected Packages:
lasso
Issue Correction:
Run dnf update lasso --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1285 --releasever 2023.9.20251110 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
lasso-debuginfo-2.9.0-1.amzn2023.aarch64
python3-lasso-2.9.0-1.amzn2023.aarch64
lasso-debugsource-2.9.0-1.amzn2023.aarch64
python3-lasso-debuginfo-2.9.0-1.amzn2023.aarch64
perl-lasso-debuginfo-2.9.0-1.amzn2023.aarch64
lasso-devel-2.9.0-1.amzn2023.aarch64
lasso-2.9.0-1.amzn2023.aarch64
perl-lasso-2.9.0-1.amzn2023.aarch64
src:
lasso-2.9.0-1.amzn2023.src
x86_64:
lasso-debuginfo-2.9.0-1.amzn2023.x86_64
python3-lasso-debuginfo-2.9.0-1.amzn2023.x86_64
lasso-debugsource-2.9.0-1.amzn2023.x86_64
perl-lasso-debuginfo-2.9.0-1.amzn2023.x86_64
python3-lasso-2.9.0-1.amzn2023.x86_64
lasso-devel-2.9.0-1.amzn2023.x86_64
lasso-2.9.0-1.amzn2023.x86_64
perl-lasso-2.9.0-1.amzn2023.x86_64