Package lasso updated to version 2.6.0-alt2.c9f2.2 for branch c9f2 in task 299511.

Published: 2021-06-01

BDU:2021-02957

Уязвимость библиотеки Lasso, связанная с небезопасным управлением привилегиями, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2021-28091

Published: 2021-06-04
Modified: 2024-11-21

CVE-2021-28091

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

http://listes.entrouvert.com/arc/lasso/
http://listes.entrouvert.com/arc/lasso/
https://git.entrouvert.org/lasso.git/commit/?id=076a37d7f0eb74001127481da2d355683693cde9
https://git.entrouvert.org/lasso.git/commit/?id=076a37d7f0eb74001127481da2d355683693cde9
https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0
https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0
[debian-lts-announce] 20210610 [SECURITY] [DLA 2684-1] lasso security update
[debian-lts-announce] 20210610 [SECURITY] [DLA 2684-1] lasso security update
FEDORA-2021-bb3ea1e191
FEDORA-2021-bb3ea1e191
FEDORA-2021-508acb1153
FEDORA-2021-508acb1153
DSA-4926
DSA-4926

Version: 2.1.0

Package lasso update in c9f2 on 2022-05-06

ALT-PU-2022-1831-1

Closed vulnerabilities

BDU:2021-02957

CVE-2021-28091