ELSA-2023-6365 - mod_auth_openidc security and bug fix update
Type: SECURITY
Impact: MODERATE
Release Date: 2023-11-11
Description
[2.4.9.4-4]
- Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
[2.4.9.4-3]
- Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference
when OIDCStripCookies is set and a crafted Cookie header is supplied
[2.4.9.4-2]
- Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in
oidc_validate_redirect_url() using tab character
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | mod_auth_openidc-2.4.9.4-4.el9.src.rpm | 530dc802450f3d9ebd14fd3ccdd5ca846f5100912b9adfc3dac72f635a60953e | - | ol9_aarch64_appstream |
| Oracle Linux 9 (aarch64) | mod_auth_openidc-2.4.9.4-4.el9.aarch64.rpm | b1074bb01d78ed0ada12bb834ed60ca3c35abe376ad556836b2eaeb53b9b96fb | - | ol9_aarch64_appstream |
| Oracle Linux 9 (x86_64) | mod_auth_openidc-2.4.9.4-4.el9.src.rpm | 530dc802450f3d9ebd14fd3ccdd5ca846f5100912b9adfc3dac72f635a60953e | - | ol9_x86_64_appstream |
| Oracle Linux 9 (x86_64) | mod_auth_openidc-2.4.9.4-4.el9.x86_64.rpm | 67d940cdbf05f7dbee530d36cb6bc20f5e4eaa31c0490406c0a6ac06eca7faed | - | ol9_x86_64_appstream |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.