ELSA-2023-6940

ULN >
Oracle Linux Errata repository >
ELSA-2023-6940

ELSA-2023-6940 - mod_auth_openidc:2.3 security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-11-18

Description

cjose
[0.6.1-4]
- CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE
Resolves: rhbz#2223308

mod_auth_openidc
[2.4.9.4-5]
Related: rhbz#2141850 - fix cjose version dependency

[2.4.9.4-4]
Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default

[2.4.9.4-3]
- Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
when OIDCStripCookies is set and a crafted Cookie header is supplied

[2.4.9.4-2]
- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
oidc_validate_redirect_url() using tab character

Related CVEs

CVE-2022-23527

CVE-2023-28625

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	cjose-0.6.1-4.module+el8.9.0+90009+6a7196cf.src.rpm	777b9d2a9ee896a9a8e6f0c8fcd2d0768145e996c069d4d98abb34777844262e	-	ol8_aarch64_appstream
	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.src.rpm	443e6a0b07790afca567221b3cea51d7cb6fde3e66508f66f3dc9f407a3c930e	-	ol8_aarch64_appstream
	cjose-0.6.1-4.module+el8.9.0+90009+6a7196cf.aarch64.rpm	36440f4a03615a5916ca3dc5d810ce7f8cecc7ba5d14c4dd71e20057dd28049d	-	ol8_aarch64_appstream
	cjose-devel-0.6.1-4.module+el8.9.0+90009+6a7196cf.aarch64.rpm	705f48cc9bd93043aff71d554f3a8c7ddc93a4f0ed9a0aa8500be4f72944c557	-	ol8_aarch64_appstream
	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.aarch64.rpm	dd09bda0ac7d32d3feb892786e34bf6637cc21f846f7ebd286f2ef6f3c71044f	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	cjose-0.6.1-4.module+el8.9.0+90009+6a7196cf.src.rpm	777b9d2a9ee896a9a8e6f0c8fcd2d0768145e996c069d4d98abb34777844262e	-	ol8_x86_64_appstream
	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.src.rpm	443e6a0b07790afca567221b3cea51d7cb6fde3e66508f66f3dc9f407a3c930e	-	ol8_x86_64_appstream
	cjose-0.6.1-4.module+el8.9.0+90009+6a7196cf.x86_64.rpm	e8d5e111e8fe9520f2384f6bc863daf2291c92f8da361febb84eeed195a7c9df	-	ol8_x86_64_appstream
	cjose-devel-0.6.1-4.module+el8.9.0+90009+6a7196cf.x86_64.rpm	8ffa1d8a58822affd3c84d1fd45bb197d2b0d027f0b30fd2fae8f907e35ec125	-	ol8_x86_64_appstream
	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.x86_64.rpm	66ea9252da97c60394c3aa785e93b0d0dfeb50abc88dd8e8a6ae54dad690bbbd	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691