ELSA-2020-3032

ELSA-2020-3032 - mod_auth_openidc:2.3 security and bug fix update

Type: SECURITY
Impact: MODERATE
Release Date: 2020-07-29

Description


cjose
[0.6.1-2]
- fix concatkdf big endian architecture problem.
Upstream issue #77.

[0.6.1-1]
- upgrade to latest upstream 0.6.1

[0.5.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[0.5.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[0.5.1-1]
- Initial packaging

mod_auth_openidc
[2.3.7-4.3]
- Actually apply the previous patch, sigh
- Related: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
Open redirect in logout url when using URLs with
leading slashes [rhel-8.2.0.z]
- Related: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
open redirect issue exists in URLs with slash and
backslash [rhel-8.2.0.z]

[2.3.7-4.2]
- Fix the previous backport
- Related: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
Open redirect in logout url when using URLs with
leading slashes [rhel-8.2.0.z]
- Related: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
open redirect issue exists in URLs with slash and
backslash [rhel-8.2.0.z]

[2.3.7-4.1]
- Resolves: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
Open redirect in logout url when using URLs with
leading slashes [rhel-8.2.0.z]
- Resolves: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
open redirect issue exists in URLs with slash and
backslash [rhel-8.2.0.z]


Related CVEs


CVE-2019-14857
CVE-2019-20479

Updated Packages


Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label
Oracle Linux 8 (aarch64) | cjose-0.6.1-2.module+el8+5139+bcb28322.src.rpm | 66de4b586c37a4e300be22ecf9213380f434b5180a62669148f3a6293a5a8c72 | - | ol8_aarch64_appstream
Oracle Linux 8 (aarch64) | cjose-0.6.1-2.module+el8+5139+bcb28322.src.rpm | 66de4b586c37a4e300be22ecf9213380f434b5180a62669148f3a6293a5a8c72 | - | ol8_aarch64_appstream_developer
Oracle Linux 8 (aarch64) | mod_auth_openidc-2.3.7-4.module+el8.2.0+7637+70221d24.3.src.rpm | 8d57307afcbd56208b7fc66f8e680bd68b8c0ee60c036dc8fa118fb98a063fa7 | - | ol8_aarch64_appstream
Oracle Linux 8 (aarch64) | cjose-0.6.1-2.module+el8+5139+bcb28322.aarch64.rpm | 37bc635be57bf999f7ee4e3da2930c12696bfbd8f0120290093b481919cda57d | - | ol8_aarch64_appstream
Oracle Linux 8 (aarch64) | cjose-0.6.1-2.module+el8+5139+bcb28322.aarch64.rpm | 37bc635be57bf999f7ee4e3da2930c12696bfbd8f0120290093b481919cda57d | - | ol8_aarch64_appstream_developer
Oracle Linux 8 (aarch64) | cjose-devel-0.6.1-2.module+el8+5139+bcb28322.aarch64.rpm | acb30612f2564a75717352df8cbe79ba7681ca3012900b7cfa2228f60229a08d | - | ol8_aarch64_appstream
Oracle Linux 8 (aarch64) | cjose-devel-0.6.1-2.module+el8+5139+bcb28322.aarch64.rpm | acb30612f2564a75717352df8cbe79ba7681ca3012900b7cfa2228f60229a08d | - | ol8_aarch64_appstream_developer
Oracle Linux 8 (aarch64) | mod_auth_openidc-2.3.7-4.module+el8.2.0+7637+70221d24.3.aarch64.rpm | d456fd8227d9777a4937048f7bc67f523d466b5e653c52c247f47e23ab4d9bf5 | - | ol8_aarch64_appstream
Oracle Linux 8 (x86_64) | cjose-0.6.1-2.module+el8+5139+bcb28322.src.rpm | 66de4b586c37a4e300be22ecf9213380f434b5180a62669148f3a6293a5a8c72 | - | ol8_x86_64_appstream
Oracle Linux 8 (x86_64) | cjose-0.6.1-2.module+el8+5139+bcb28322.src.rpm | 66de4b586c37a4e300be22ecf9213380f434b5180a62669148f3a6293a5a8c72 | - | ol8_x86_64_appstream_developer
Oracle Linux 8 (x86_64) | mod_auth_openidc-2.3.7-4.module+el8.2.0+7637+70221d24.3.src.rpm | 8d57307afcbd56208b7fc66f8e680bd68b8c0ee60c036dc8fa118fb98a063fa7 | - | ol8_x86_64_appstream
Oracle Linux 8 (x86_64) | cjose-0.6.1-2.module+el8+5139+bcb28322.x86_64.rpm | 2956dd2e953e2b130caf29cccc0d720ad9a171c87eb3bff8dfa5c15906fde6d8 | - | ol8_x86_64_appstream
Oracle Linux 8 (x86_64) | cjose-0.6.1-2.module+el8+5139+bcb28322.x86_64.rpm | 2956dd2e953e2b130caf29cccc0d720ad9a171c87eb3bff8dfa5c15906fde6d8 | - | ol8_x86_64_appstream_developer
Oracle Linux 8 (x86_64) | cjose-devel-0.6.1-2.module+el8+5139+bcb28322.x86_64.rpm | 2d1b7050f964dae18a222478f4ec579685e2d38299a9c01a64b4b49ae047677d | - | ol8_x86_64_appstream
Oracle Linux 8 (x86_64) | cjose-devel-0.6.1-2.module+el8+5139+bcb28322.x86_64.rpm | 2d1b7050f964dae18a222478f4ec579685e2d38299a9c01a64b4b49ae047677d | - | ol8_x86_64_appstream_developer
Oracle Linux 8 (x86_64) | mod_auth_openidc-2.3.7-4.module+el8.2.0+7637+70221d24.3.x86_64.rpm | 22b9a841b2fe128e605813204a321bf801f8163bd4e1d7a906ba5b0410b38e94 | - | ol8_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
