ELSA-2020-1003 - mod_auth_mellon security and bug fix update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2020-04-06 |
Description
[0.14.0-8]
- Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via
the login?ReturnTo= substring which could facilitate
information theft [rhel-7]
[0.14.0-7]
- Resolves: rhbz#1727789 - mod_auth_mellon fix for AJAX header name
X-Requested-With
[0.14.0-6]
- Apply the patch from the previous commit
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7]
[0.14.0-5]
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7]
[0.14.0-4]
- Resolves: rhbz#1576719 - ECP flow not triggering, instead client access
secured resources without ECP authentication
[0.14.0-3]
- Resolves: rhbz#1652980 - mod_auth_mellon Cert files name wrong when
hostname contains a number
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 7 (aarch64) | mod_auth_mellon-0.14.0-8.el7.src.rpm | 3969d216f8bace837e97b54bf6b4deec | ELBA-2020-5036 |
| mod_auth_mellon-0.14.0-8.el7.aarch64.rpm | db9c91e89416f9b178528cd2497d74b7 | ELBA-2020-5036 |
| mod_auth_mellon-diagnostics-0.14.0-8.el7.aarch64.rpm | 0fececd64fbc99f36bd708cee805be3f | ELBA-2020-5036 |
|
| Oracle Linux 7 (x86_64) | mod_auth_mellon-0.14.0-8.el7.src.rpm | 3969d216f8bace837e97b54bf6b4deec | ELBA-2020-5036 |
| mod_auth_mellon-0.14.0-8.el7.x86_64.rpm | 90fb0d3dc20ae1d9bbacb365a65737af | ELBA-2020-5036 |
| mod_auth_mellon-diagnostics-0.14.0-8.el7.x86_64.rpm | 9bda61339f04ffa7e1a1a0bce7ad63dc | ELBA-2020-5036 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
