ELSA-2019-0766

ELSA-2019-0766 - mod_auth_mellon security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2019-04-16

Description


[0.14.0-2.4]
- Actually apply the patch in the previous build
- Resolves: rhbz#1697488 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes

[0.14.0-2.3]
- Resolves: rhbz#1697488 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7] [rhel-7.6.z]

[0.14.0-2.2]
- Resolves: rhbz#1697487 - mod_auth_mellon Cert files name wrong when
hostname contains a number

[0.14.0-2.1]
- Resolves: rhbz#1692455 - CVE-2019-3878 mod_auth_mellon: authentication
bypass in ECP flow [rhel-7.6.z]


Related CVEs


CVE-2019-3877
CVE-2019-3878

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) mod_auth_mellon-0.14.0-2.el7_6.4.src.rpma3c8ef8f56edd3464cf0f5a498535f5eELBA-2020-5036
mod_auth_mellon-0.14.0-2.el7_6.4.aarch64.rpme8ea2d3df774fb2603397e0a6d173267ELBA-2020-5036
mod_auth_mellon-diagnostics-0.14.0-2.el7_6.4.aarch64.rpmdffd70c3c8d8311978e066047138e6c4ELBA-2020-5036
Oracle Linux 7 (x86_64) mod_auth_mellon-0.14.0-2.el7_6.4.src.rpma3c8ef8f56edd3464cf0f5a498535f5eELBA-2020-5036
mod_auth_mellon-0.14.0-2.el7_6.4.x86_64.rpm783d3fa4e33ab78aea8331cdb92ba281ELBA-2020-5036
mod_auth_mellon-diagnostics-0.14.0-2.el7_6.4.x86_64.rpm1b64ed529480fbf354ccbbf5915f3960ELBA-2020-5036



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete