From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1700-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 11, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : lasso
Vulnerability : incorrect API usage
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0050
Debian Bug : 511262

It was discovered that Lasso, a library for Liberty Alliance and SAML
protocols performs incorrect validation of the return value of OpenSSL's DSA_verify() function.

For the stable distribution (etch), this problem has been fixed in
version 0.6.5-3+etch1.

For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version 2.2.1-2.

We recommend that you upgrade your lasso package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5-3+etch1.diff.gz
Size/MD5 checksum: 7571 1795008d78e35b8e3a098e5f72fabe68
http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5.orig.tar.gz
Size/MD5 checksum: 1420093 6263375e5910577258a04882b50d58cd
http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5-3+etch1.dsc
Size/MD5 checksum: 1149 a2975d5f40cc77b4416189c91b640626

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 188988 52db78dd66b6ee7af8e952423a5bae69
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 202066 25f98352704c905d0ec9e50a876eca5b
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 243412 7f7cc9c581abcb282255437e0347a4a5
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 199052 7846d19823e3f0f3920e225565612241
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 102330 3162bda7c4114d1077de147f74fedca2

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 190932 9d0ad6de3244a13c21ffd9c9f84c84cb
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 96332 3826a242c6c8d970d16947da4f9ebad8
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 197730 2df1a9f5846da409446cf2fe639fdd18
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 181050 33a215818d3127efe4783f6450a65e38
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 203192 7bf3acad905bc1d1d3db1dc6a2376fb2

arm architecture (ARM)

http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 160002 98cd9c31a9c5cc6e2d00af6994df275f
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 170136 ffdf6a636e0976dc2453c3c4cdde6148
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 79320 b7e55e0058211a978b081d34200b6dd2
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 171604 20252678b9734a661bb9d1de85bcc19f
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 162136 27d611c443da457449aae51e1886d850

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 205932 81450e57634addeaf1184fbd22e77e8a
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 196804 115fb72d48047215dde67725977f4776
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 107412 3531a223c7c38a90ad18c1cdb305f056
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 194800 e76b5149eb02bab77a2748e56b1fa607
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 190720 16abaafbdf73a532c807f4fc08cb826a

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 166418 105a00318a2b57dea1c3957c976ba73e
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 184638 b4ba5bb2f5d38d3b60493433425c3a11
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 182136 594c2da1dfaea16e7f52245b5eed87aa
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 86676 0926b46ed2e93ddf24693fdf61828521

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)