-------------------------------------------------------------------------
Debian LTS Advisory DLA-4115-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Daniel Leidert
April 05, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ruby-saml
Version        : 1.11.0-1+deb11u2
CVE ID         : CVE-2025-25291 CVE-2025-25292 CVE-2025-25293
Debian Bug     : 1100441

Multiple vulnerabilities have been detected in ruby-saml, a library for
implementing the client side of a SAML authorization.

CVE-2025-25291 and CVE-2025-25292

    ruby-saml is susceptible to an authentication bypass vulnerability.

CVE-2025-25293

    ruby-saml is susceptible to a Zlib deflate decompression bomb and a
    remote Denial of Service (DoS) caused by compressed SAML responses.

For Debian 11 bullseye, these problems have been fixed in version
1.11.0-1+deb11u2.

We recommend that you upgrade your ruby-saml packages.

For the detailed security status of ruby-saml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-saml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
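The decompression-bomb failure mode behind CVE-2025-25293, shown as an added defensive example that is neither ruby-saml's own code nor the Debian patch: a raw-DEFLATE inflater that aborts as soon as the inflated output passes a chosen limit, applied before any XML parsing. The 250 KB cap, the helper names and the sample messages are assumptions made for this illustration.

```ruby
require "zlib"
require "base64"

# Raised when a compressed SAML message would inflate past the configured limit.
class DecompressionLimitExceeded < StandardError; end
# Assumed limit for this example; size it to the largest legitimate response.
MAX_SAML_BYTES = 250_000

# Inflate a raw DEFLATE stream (the form used for SAML HTTP-Redirect payloads)
# while counting output. With a block, Zlib::Inflate#inflate yields output in
# chunks, so a bomb is stopped at the first chunk past the limit instead of
# being expanded fully into memory.
def bounded_inflate(deflated, max_bytes)
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new(encoding: Encoding::BINARY)
  begin
    inflater.inflate(deflated) do |chunk|
      out << chunk
      raise DecompressionLimitExceeded, "inflated past #{max_bytes} bytes" if out.bytesize > max_bytes
    end
  ensure
    inflater.close
  end
  out
end

# Decode base64 + raw DEFLATE with the guard applied before any XML parsing.
def decode_compressed_saml(b64, max_bytes = MAX_SAML_BYTES)
  bounded_inflate(Base64.strict_decode64(b64), max_bytes).force_encoding(Encoding::UTF_8)
end

# Helper: produce raw DEFLATE output the way a SAML sender would.
def raw_deflate(data)
  deflater = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  deflater.deflate(data, Zlib::FINISH)
ensure
  deflater&.close
end

# Constructed demo: a small response decodes, a 5 MB bomb is rejected early.
if __FILE__ == $PROGRAM_NAME
  puts decode_compressed_saml(Base64.strict_encode64(raw_deflate('<samlp:Response ID="_x"/>')))
  begin
    decode_compressed_saml(Base64.strict_encode64(raw_deflate("A" * 5_000_000)))
  rescue DecompressionLimitExceeded => e
    puts "rejected: #{e.message}"
  end
end
```

The bomb is rejected after roughly 16 inflated chunks rather than after allocating the full 5 MB, which is the property a fixed ruby-saml needs regardless of how its own check is implemented.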