Stay Connected:

ELSA-2019-0766

ELSA-2019-0766 - mod_auth_mellon security and bug fix update

Type:SECURITY
Impact:IMPORTANT
Release Date:2019-04-16

Description


[0.14.0-2.4]
- Actually apply the patch in the previous build
- Resolves: rhbz#1697488 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes

[0.14.0-2.3]
- Resolves: rhbz#1697488 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7] [rhel-7.6.z]

[0.14.0-2.2]
- Resolves: rhbz#1697487 - mod_auth_mellon Cert files name wrong when
hostname contains a number

[0.14.0-2.1]
- Resolves: rhbz#1692455 - CVE-2019-3878 mod_auth_mellon: authentication
bypass in ECP flow [rhel-7.6.z]


Related CVEs


CVE-2019-3877
CVE-2019-3878

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (aarch64) mod_auth_mellon-0.14.0-2.el7_6.4.src.rpme2d97dac3e5a6cbffad534366697caeec23da35160d9531cd8f11b739c49e831ELBA-2020-5036ol7_aarch64_latest
mod_auth_mellon-0.14.0-2.el7_6.4.src.rpme2d97dac3e5a6cbffad534366697caeec23da35160d9531cd8f11b739c49e831ELBA-2020-5036ol7_aarch64_optional_latest
mod_auth_mellon-0.14.0-2.el7_6.4.src.rpme2d97dac3e5a6cbffad534366697caeec23da35160d9531cd8f11b739c49e831ELBA-2020-5036ol7_aarch64_u7_base
mod_auth_mellon-0.14.0-2.el7_6.4.aarch64.rpm476169bf67b5272fbbdc273c987d917141a961f2a818787d12c2633935e7ea33ELBA-2020-5036ol7_aarch64_latest
mod_auth_mellon-0.14.0-2.el7_6.4.aarch64.rpm476169bf67b5272fbbdc273c987d917141a961f2a818787d12c2633935e7ea33ELBA-2020-5036ol7_aarch64_u7_base
mod_auth_mellon-diagnostics-0.14.0-2.el7_6.4.aarch64.rpm3ff01106c3b94c8ba105e8565e3f84ab98cfa48b0b51b167fbc287ec77df8f9cELBA-2020-5036ol7_aarch64_optional_latest
Oracle Linux 7 (x86_64) mod_auth_mellon-0.14.0-2.el7_6.4.src.rpme2d97dac3e5a6cbffad534366697caeec23da35160d9531cd8f11b739c49e831ELBA-2020-5036ol7_x86_64_latest
mod_auth_mellon-0.14.0-2.el7_6.4.src.rpme2d97dac3e5a6cbffad534366697caeec23da35160d9531cd8f11b739c49e831ELBA-2020-5036ol7_x86_64_optional_latest
mod_auth_mellon-0.14.0-2.el7_6.4.src.rpme2d97dac3e5a6cbffad534366697caeec23da35160d9531cd8f11b739c49e831ELBA-2020-5036ol7_x86_64_u6_patch
mod_auth_mellon-0.14.0-2.el7_6.4.src.rpme2d97dac3e5a6cbffad534366697caeec23da35160d9531cd8f11b739c49e831ELBA-2020-5036ol7_x86_64_u7_base
mod_auth_mellon-0.14.0-2.el7_6.4.x86_64.rpme141b67ab44781c0e2649628222b4e62ca5f26e1514c2f327b206bfebb65d222ELBA-2020-5036ol7_x86_64_latest
mod_auth_mellon-0.14.0-2.el7_6.4.x86_64.rpme141b67ab44781c0e2649628222b4e62ca5f26e1514c2f327b206bfebb65d222ELBA-2020-5036ol7_x86_64_u6_patch
mod_auth_mellon-0.14.0-2.el7_6.4.x86_64.rpme141b67ab44781c0e2649628222b4e62ca5f26e1514c2f327b206bfebb65d222ELBA-2020-5036ol7_x86_64_u7_base
mod_auth_mellon-diagnostics-0.14.0-2.el7_6.4.x86_64.rpm83240535c4225fc87b7259cb121d7bad8fe96acfab7e3a5ebf18eb49f3c75f3dELBA-2020-5036ol7_x86_64_optional_latest



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights