ELSA-2019-3421
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-3421
ELSA-2019-3421 - mod_auth_mellon security, bug fix, and enhancement update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2019-11-14 |
Description
[0.14.0-9]
- Just bump the release number
- Related: rhbz#1718238 - mod_auth_mellon-diagnostics RPM not in product
listings
[0.14.0-8]
- Resolves: rhbz#1691894 - [RFE] Config option to change mod_auth_mellon prefix
[0.14.0-7]
- Apply the patch from the previous commit
- Resolves: rhbz#1692471 - CVE-2019-3877 appstream/mod_auth_mellon: open
redirect in logout url when using URLs with
backslashes [rhel-8]
[0.14.0-6]
- Resolves: rhbz#1692471 - CVE-2019-3877 appstream/mod_auth_mellon: open
redirect in logout url when using URLs with
backslashes [rhel-8]
[0.14.0-5]
- Resolves: rhbz#1692457 - CVE-2019-3878 mod_auth_mellon: authentication
bypass in ECP flow [rhel-8.1.0]
[0.14.0-4]
- Resolves: rhbz#1702695 - fresh install of mod_auth_mellon shows rpm
verification warnings
Related CVEs
| CVE-2019-3877 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | mod_auth_mellon-0.14.0-9.el8.src.rpm | cc27a8aa41a8aa0efb4595f3684d88339f238b6e6a5e15d5f8783ce3ec3b3ca4 | - | ol8_aarch64_appstream |
| mod_auth_mellon-0.14.0-9.el8.aarch64.rpm | 8ecdef7ab4c25a2cc93c36661f70e49c838fe4f68cb1b7e03279649266c95040 | - | ol8_aarch64_appstream | |
| mod_auth_mellon-diagnostics-0.14.0-9.el8.aarch64.rpm | 9c9b8d67153761653c3f188ef471079e13f0cd323045de2d236fb60f89b7a2c5 | - | ol8_aarch64_appstream | |
| Oracle Linux 8 (x86_64) | mod_auth_mellon-0.14.0-9.el8.src.rpm | cc27a8aa41a8aa0efb4595f3684d88339f238b6e6a5e15d5f8783ce3ec3b3ca4 | - | ol8_x86_64_appstream |
| mod_auth_mellon-0.14.0-9.el8.x86_64.rpm | dc273836d60b5a67b4a5199ea5ff91ebab7d5688b5fa5333efcbf59fad1a0055 | - | ol8_x86_64_appstream | |
| mod_auth_mellon-diagnostics-0.14.0-9.el8.x86_64.rpm | 9265978914b0c32125e28eb8079bbce7c95a536417117066c72b5c2fdd8a4f0d | - | ol8_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
