ELSA-2023-6365 - mod_auth_openidc security and bug fix update
Type: SECURITY
Severity: MODERATE
Release Date: 2023-11-11
Description
[2.4.9.4-4]
- Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
[2.4.9.4-3]
- Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied
[2.4.9.4-2]
- Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in oidc_validate_redirect_url() using tab character
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | mod_auth_openidc-2.4.9.4-4.el9.src.rpm | 7d7a587147dd462ef1e0bbe6467eae8b | - | ol9_aarch64_appstream |
| Oracle Linux 9 (aarch64) | mod_auth_openidc-2.4.9.4-4.el9.aarch64.rpm | 12be54ccbfb8c0cef71b7adec1e9f977 | - | ol9_aarch64_appstream |
| Oracle Linux 9 (x86_64) | mod_auth_openidc-2.4.9.4-4.el9.src.rpm | 7d7a587147dd462ef1e0bbe6467eae8b | - | ol9_x86_64_appstream |
| Oracle Linux 9 (x86_64) | mod_auth_openidc-2.4.9.4-4.el9.x86_64.rpm | 99001606533f38052a3cbe12c64d9822 | - | ol9_x86_64_appstream |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.