ELSA-2020-1003

ULN >
Oracle Linux Errata repository >
ELSA-2020-1003

ELSA-2020-1003 - mod_auth_mellon security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2020-04-06

Description

[0.14.0-8]
- Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via
the login?ReturnTo= substring which could facilitate
information theft [rhel-7]

[0.14.0-7]
- Resolves: rhbz#1727789 - mod_auth_mellon fix for AJAX header name
X-Requested-With

[0.14.0-6]
- Apply the patch from the previous commit
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7]

[0.14.0-5]
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7]

[0.14.0-4]
- Resolves: rhbz#1576719 - ECP flow not triggering, instead client access
secured resources without ECP authentication

[0.14.0-3]
- Resolves: rhbz#1652980 - mod_auth_mellon Cert files name wrong when
hostname contains a number

Related CVEs

CVE-2019-13038

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	mod_auth_mellon-0.14.0-8.el7.src.rpm	4faaa4bd0649e14456c8a85f9a5a5e07a65a50dfde223f2785047a28db1b89fd	ELBA-2020-5036	ol7_aarch64_beta
	mod_auth_mellon-0.14.0-8.el7.src.rpm	4faaa4bd0649e14456c8a85f9a5a5e07a65a50dfde223f2785047a28db1b89fd	ELBA-2020-5036	ol7_aarch64_latest
	mod_auth_mellon-0.14.0-8.el7.src.rpm	4faaa4bd0649e14456c8a85f9a5a5e07a65a50dfde223f2785047a28db1b89fd	ELBA-2020-5036	ol7_aarch64_u8_base
	mod_auth_mellon-0.14.0-8.el7.src.rpm	4faaa4bd0649e14456c8a85f9a5a5e07a65a50dfde223f2785047a28db1b89fd	ELBA-2020-5036	ol7_aarch64_u9_base
	mod_auth_mellon-0.14.0-8.el7.aarch64.rpm	69adde1c66411fb5ac492953f714f9dcad6cc6f1f7fe6d2359de9811e447fedf	ELBA-2020-5036	ol7_aarch64_beta
	mod_auth_mellon-0.14.0-8.el7.aarch64.rpm	69adde1c66411fb5ac492953f714f9dcad6cc6f1f7fe6d2359de9811e447fedf	ELBA-2020-5036	ol7_aarch64_latest
	mod_auth_mellon-0.14.0-8.el7.aarch64.rpm	69adde1c66411fb5ac492953f714f9dcad6cc6f1f7fe6d2359de9811e447fedf	ELBA-2020-5036	ol7_aarch64_u8_base
	mod_auth_mellon-0.14.0-8.el7.aarch64.rpm	69adde1c66411fb5ac492953f714f9dcad6cc6f1f7fe6d2359de9811e447fedf	ELBA-2020-5036	ol7_aarch64_u9_base
	mod_auth_mellon-diagnostics-0.14.0-8.el7.aarch64.rpm	c780532940018a23b7870ace22f533afb0581e8f61a5789664f12e5bd02ad6b2	ELBA-2020-5036	ol7_aarch64_beta
	mod_auth_mellon-diagnostics-0.14.0-8.el7.aarch64.rpm	c780532940018a23b7870ace22f533afb0581e8f61a5789664f12e5bd02ad6b2	ELBA-2020-5036	ol7_aarch64_latest
	mod_auth_mellon-diagnostics-0.14.0-8.el7.aarch64.rpm	c780532940018a23b7870ace22f533afb0581e8f61a5789664f12e5bd02ad6b2	ELBA-2020-5036	ol7_aarch64_u8_base
	mod_auth_mellon-diagnostics-0.14.0-8.el7.aarch64.rpm	c780532940018a23b7870ace22f533afb0581e8f61a5789664f12e5bd02ad6b2	ELBA-2020-5036	ol7_aarch64_u9_base

Oracle Linux 7 (x86_64)	mod_auth_mellon-0.14.0-8.el7.src.rpm	4faaa4bd0649e14456c8a85f9a5a5e07a65a50dfde223f2785047a28db1b89fd	ELBA-2020-5036	ol7_x86_64_beta
	mod_auth_mellon-0.14.0-8.el7.src.rpm	4faaa4bd0649e14456c8a85f9a5a5e07a65a50dfde223f2785047a28db1b89fd	ELBA-2020-5036	ol7_x86_64_latest
	mod_auth_mellon-0.14.0-8.el7.src.rpm	4faaa4bd0649e14456c8a85f9a5a5e07a65a50dfde223f2785047a28db1b89fd	ELBA-2020-5036	ol7_x86_64_u8_base
	mod_auth_mellon-0.14.0-8.el7.src.rpm	4faaa4bd0649e14456c8a85f9a5a5e07a65a50dfde223f2785047a28db1b89fd	ELBA-2020-5036	ol7_x86_64_u9_base
	mod_auth_mellon-0.14.0-8.el7.x86_64.rpm	80d0f27b6da143bfc4e438c193fe80dad3068d2bd815ba898f3aaf9ff7a892e7	ELBA-2020-5036	ol7_x86_64_beta
	mod_auth_mellon-0.14.0-8.el7.x86_64.rpm	80d0f27b6da143bfc4e438c193fe80dad3068d2bd815ba898f3aaf9ff7a892e7	ELBA-2020-5036	ol7_x86_64_latest
	mod_auth_mellon-0.14.0-8.el7.x86_64.rpm	80d0f27b6da143bfc4e438c193fe80dad3068d2bd815ba898f3aaf9ff7a892e7	ELBA-2020-5036	ol7_x86_64_u8_base
	mod_auth_mellon-0.14.0-8.el7.x86_64.rpm	80d0f27b6da143bfc4e438c193fe80dad3068d2bd815ba898f3aaf9ff7a892e7	ELBA-2020-5036	ol7_x86_64_u9_base
	mod_auth_mellon-diagnostics-0.14.0-8.el7.x86_64.rpm	b67741198034e94ccbfab5aef41b4ee7eee784555954e09f611ac00963408119	ELBA-2020-5036	ol7_x86_64_beta
	mod_auth_mellon-diagnostics-0.14.0-8.el7.x86_64.rpm	b67741198034e94ccbfab5aef41b4ee7eee784555954e09f611ac00963408119	ELBA-2020-5036	ol7_x86_64_latest
	mod_auth_mellon-diagnostics-0.14.0-8.el7.x86_64.rpm	b67741198034e94ccbfab5aef41b4ee7eee784555954e09f611ac00963408119	ELBA-2020-5036	ol7_x86_64_u8_base
	mod_auth_mellon-diagnostics-0.14.0-8.el7.x86_64.rpm	b67741198034e94ccbfab5aef41b4ee7eee784555954e09f611ac00963408119	ELBA-2020-5036	ol7_x86_64_u9_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691