ELSA-2022-1823

ULN >
Oracle Linux Errata repository >
ELSA-2022-1823

ELSA-2022-1823 - mod_auth_openidc:2.3 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2022-05-17

Description

cjose
[0.6.1-2]
- fix concatkdf big endian architecture problem.
Upstream issue #77.

[0.6.1-1]
- upgrade to latest upstream 0.6.1

[0.5.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[0.5.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[0.5.1-1]
- Initial packaging

mod_auth_openidc
[2.3.7-11]
- Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On

[2.3.7-10]
- Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a
reused key in AES GCM encryption [rhel-8] (edit)

[2.3.7-9]
- Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL
in the target_link_uri parameter

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	cjose-0.6.1-2.module+el8+5139+bcb28322.src.rpm	66de4b586c37a4e300be22ecf9213380f434b5180a62669148f3a6293a5a8c72	-	ol8_aarch64_appstream
	cjose-0.6.1-2.module+el8+5139+bcb28322.src.rpm	66de4b586c37a4e300be22ecf9213380f434b5180a62669148f3a6293a5a8c72	-	ol8_aarch64_appstream_developer
	mod_auth_openidc-2.3.7-11.module+el8.6.0+20572+b6f23e95.src.rpm	b0794f90b4d5991e49930ac1c28494e34ea5e73c9e14408a69a6face24e096e9	-	ol8_aarch64_appstream
	cjose-0.6.1-2.module+el8+5139+bcb28322.aarch64.rpm	37bc635be57bf999f7ee4e3da2930c12696bfbd8f0120290093b481919cda57d	-	ol8_aarch64_appstream
	cjose-0.6.1-2.module+el8+5139+bcb28322.aarch64.rpm	37bc635be57bf999f7ee4e3da2930c12696bfbd8f0120290093b481919cda57d	-	ol8_aarch64_appstream_developer
	cjose-devel-0.6.1-2.module+el8+5139+bcb28322.aarch64.rpm	acb30612f2564a75717352df8cbe79ba7681ca3012900b7cfa2228f60229a08d	-	ol8_aarch64_appstream
	cjose-devel-0.6.1-2.module+el8+5139+bcb28322.aarch64.rpm	acb30612f2564a75717352df8cbe79ba7681ca3012900b7cfa2228f60229a08d	-	ol8_aarch64_appstream_developer
	mod_auth_openidc-2.3.7-11.module+el8.6.0+20572+b6f23e95.aarch64.rpm	46f35eda0cbc99a0aaa84e0a33118e48ec1f07445ccfef71449105599aa0e74f	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	cjose-0.6.1-2.module+el8+5139+bcb28322.src.rpm	66de4b586c37a4e300be22ecf9213380f434b5180a62669148f3a6293a5a8c72	-	ol8_x86_64_appstream
	cjose-0.6.1-2.module+el8+5139+bcb28322.src.rpm	66de4b586c37a4e300be22ecf9213380f434b5180a62669148f3a6293a5a8c72	-	ol8_x86_64_appstream_developer
	mod_auth_openidc-2.3.7-11.module+el8.6.0+20572+b6f23e95.src.rpm	b0794f90b4d5991e49930ac1c28494e34ea5e73c9e14408a69a6face24e096e9	-	ol8_x86_64_appstream
	cjose-0.6.1-2.module+el8+5139+bcb28322.x86_64.rpm	2956dd2e953e2b130caf29cccc0d720ad9a171c87eb3bff8dfa5c15906fde6d8	-	ol8_x86_64_appstream
	cjose-0.6.1-2.module+el8+5139+bcb28322.x86_64.rpm	2956dd2e953e2b130caf29cccc0d720ad9a171c87eb3bff8dfa5c15906fde6d8	-	ol8_x86_64_appstream_developer
	cjose-devel-0.6.1-2.module+el8+5139+bcb28322.x86_64.rpm	2d1b7050f964dae18a222478f4ec579685e2d38299a9c01a64b4b49ae047677d	-	ol8_x86_64_appstream
	cjose-devel-0.6.1-2.module+el8+5139+bcb28322.x86_64.rpm	2d1b7050f964dae18a222478f4ec579685e2d38299a9c01a64b4b49ae047677d	-	ol8_x86_64_appstream_developer
	mod_auth_openidc-2.3.7-11.module+el8.6.0+20572+b6f23e95.x86_64.rpm	1333bc4f89fd8fb6a50a4c4bb865817df433a4bc929a71050ca3200846e0204d	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691