Issued:: 2025-11-17
Updated:: 2025-11-17

RHSA-2025:21399 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: lasso security update

Type/Severity

Security Advisory: Critical

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for lasso is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.

Security Fix(es):

lasso: Type confusion in Entr'ouvert Lasso (CVE-2025-47151)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2412739 - CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso

CVEs

CVE-2025-47151

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
lasso-2.6.0-8.el8_2.1.src.rpm	SHA-256: abb8f11bc10e2709c56ad3973ad4a0b26c8ee3bc444432a55db79306758a8854
x86_64
java-lasso-debuginfo-2.6.0-8.el8_2.1.i686.rpm	SHA-256: 54d1e5102a0a3d96ecc31e933f07454461ce9195251a61778fe1d7b3cc1a78a7
java-lasso-debuginfo-2.6.0-8.el8_2.1.x86_64.rpm	SHA-256: 1ee6ab32be7194107736c322d4b97422f6ecb42a8b6e56c356837a9b25ca99a8
lasso-2.6.0-8.el8_2.1.i686.rpm	SHA-256: ab6bbbcd812535bb173b54d1df9a9003c970d991038faac044419a721faa1958
lasso-2.6.0-8.el8_2.1.x86_64.rpm	SHA-256: 915e3d762ee8a23a2ccf53a4da5cd4d2d21f74a8d2c16cfa16a839c273d7f368
lasso-debuginfo-2.6.0-8.el8_2.1.i686.rpm	SHA-256: 587cb7c64680688515befa3de0fdd528e22127b8b6b3529a1b04b7391c93fbe5
lasso-debuginfo-2.6.0-8.el8_2.1.x86_64.rpm	SHA-256: 71ed3e07d16ece0d37eb4c5f2ed1003143b8f02672362ce44d476b3bfd397c50
lasso-debugsource-2.6.0-8.el8_2.1.i686.rpm	SHA-256: 3a0e50b0da27ad216ea4b633910437501102e80d7e6a9e6f9e6498a153f45157
lasso-debugsource-2.6.0-8.el8_2.1.x86_64.rpm	SHA-256: 9e6903f7d667b4d7cdbfc09ecbc7e00ee7af4a05857c72453c3027c170391053
perl-lasso-debuginfo-2.6.0-8.el8_2.1.i686.rpm	SHA-256: 8921fc7565b4e45d0cc6b6be59ff431cce3c3a5e9f23b93a55898398bcc04a6d
perl-lasso-debuginfo-2.6.0-8.el8_2.1.x86_64.rpm	SHA-256: c026d534cabaf9151308768b4293e1a0f93f28e13c49a6d1b68e162cc1ee4ee8
python3-lasso-debuginfo-2.6.0-8.el8_2.1.i686.rpm	SHA-256: f2e269d741eaef6cf27bdbc2b643a6373b4a5457dbbce25d665eb8500295dc6c
python3-lasso-debuginfo-2.6.0-8.el8_2.1.x86_64.rpm	SHA-256: 7e84ef0acfc9f23f9442d94ff5abf3e8a58f27399287f716d00bd7b5a028f16b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation