Vulnerability CVE-2021-28091: Information

Description

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-28091
Published: June 4, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-347

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
lassosisyphus2.7.0-alt12.8.2-alt3ALT-PU-2021-2195-1278474Fixed
lassop102.7.0-alt12.7.0-alt1ALT-PU-2021-2195-1278474Fixed
lassoc10f12.7.0-alt12.7.0-alt1ALT-PU-2021-2195-1278474Fixed
lassoc9f22.6.0-alt2.c9f2.22.6.0-alt2.c9f2.2ALT-PU-2022-1831-1299511Fixed
lassop112.7.0-alt12.8.2-alt3ALT-PU-2021-2195-1278474Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://git.entrouvert.org/lasso.git/commit/?id=076a37d7f0eb74001127481da2d355683693cde9
  • Patch
  • Vendor Advisory
http://listes.entrouvert.com/arc/lasso/
  • Product
https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0
  • Release Notes
  • Vendor Advisory
DSA-4926
  • Third Party Advisory
[debian-lts-announce] 20210610 [SECURITY] [DLA 2684-1] lasso security update
  • Mailing List
  • Third Party Advisory
FEDORA-2021-bb3ea1e191
    FEDORA-2021-508acb1153

        1. Configuration 1

          cpe:2.3:a:entrouvert:lasso:*:*:*:*:*:*:*:*
          End excliding
          2.7.0

          Configuration 2

          cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
          cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

          Configuration 3

          cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top