SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4068

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4068

Security update for lasso

Type: security

Severity: critical

Issued: 2025-11-12

Description:

This update for lasso fixes the following issues:

- CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso (bsc#1253092)
- CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso (bsc#1253093)
- CVE-2025-47151: Fixed type confusion vulnerability in the
  lasso_node_impl_init_from_xml functionality (bsc#1253095)

References

CVE: CVE-2025-47151
CVE: CVE-2025-46705
CVE: CVE-2025-46404
Bugzilla: 1253095 VUL-0: CVE-2025-47151: lasso: type confusion vulnerability in the lasso_node_impl_init_from_xml functionality
Bugzilla: 1253093 VUL-0: CVE-2025-46705: lasso: Denial of service in Entr'ouvert Lasso
Bugzilla: 1253092 VUL-0: CVE-2025-46404: lasso: Denial of service in Entr'ouvert Lasso

Packages

lasso-2.8.2-150600.3.5.1