ELSA-2020-1003

ELSA-2020-1003 - mod_auth_mellon security and bug fix update

Type: SECURITY
Severity: MODERATE
Release Date: 2020-04-06

Description


[0.14.0-8]
- Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-7]

[0.14.0-7]
- Resolves: rhbz#1727789 - mod_auth_mellon fix for AJAX header name X-Requested-With

[0.14.0-6]
- Apply the patch from the previous commit
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-7]

[0.14.0-5]
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-7]

[0.14.0-4]
- Resolves: rhbz#1576719 - ECP flow not triggering, instead client access secured resources without ECP authentication

[0.14.0-3]
- Resolves: rhbz#1652980 - mod_auth_mellon Cert files name wrong when hostname contains a number


Related CVEs


CVE-2019-13038

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 7 (aarch64) | mod_auth_mellon-0.14.0-8.el7.src.rpm | 3969d216f8bace837e97b54bf6b4deec | ELBA-2020-5036 |
| | mod_auth_mellon-0.14.0-8.el7.aarch64.rpm | db9c91e89416f9b178528cd2497d74b7 | ELBA-2020-5036 |
| | mod_auth_mellon-diagnostics-0.14.0-8.el7.aarch64.rpm | 0fececd64fbc99f36bd708cee805be3f | ELBA-2020-5036 |
| Oracle Linux 7 (x86_64) | mod_auth_mellon-0.14.0-8.el7.src.rpm | 3969d216f8bace837e97b54bf6b4deec | ELBA-2020-5036 |
| | mod_auth_mellon-0.14.0-8.el7.x86_64.rpm | 90fb0d3dc20ae1d9bbacb365a65737af | ELBA-2020-5036 |
| | mod_auth_mellon-diagnostics-0.14.0-8.el7.x86_64.rpm | 9bda61339f04ffa7e1a1a0bce7ad63dc | ELBA-2020-5036 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team