ELSA-2023-6940

ULN >
Oracle Linux Errata repository >
ELSA-2023-6940

ELSA-2023-6940 - mod_auth_openidc:2.3 security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2023-11-18

Description

cjose
[0.6.1-4]
- CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE
Resolves: rhbz#2223308

mod_auth_openidc
[2.4.9.4-5]
Related: rhbz#2141850 - fix cjose version dependency

[2.4.9.4-4]
Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default

[2.4.9.4-3]
- Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
when OIDCStripCookies is set and a crafted Cookie header is supplied

[2.4.9.4-2]
- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
oidc_validate_redirect_url() using tab character

Related CVEs

CVE-2022-23527

CVE-2023-28625

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	cjose-0.6.1-4.module+el8.9.0+90009+6a7196cf.src.rpm	021adc4b4baf139adf7bc3604b9b384e	-	ol8_aarch64_appstream
	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.src.rpm	521ca1e344371eb27176b3e9cbe88c1a	-	ol8_aarch64_appstream
	cjose-0.6.1-4.module+el8.9.0+90009+6a7196cf.aarch64.rpm	c8ed409e705adeb3db69edc8c3df2f6f	-	ol8_aarch64_appstream
	cjose-devel-0.6.1-4.module+el8.9.0+90009+6a7196cf.aarch64.rpm	8ac1b188bedf1bdfc0b78d12bde07fc3	-	ol8_aarch64_appstream
	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.aarch64.rpm	532d87ab48770606e59fa123adad1bac	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	cjose-0.6.1-4.module+el8.9.0+90009+6a7196cf.src.rpm	021adc4b4baf139adf7bc3604b9b384e	-	ol8_x86_64_appstream
	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.src.rpm	521ca1e344371eb27176b3e9cbe88c1a	-	ol8_x86_64_appstream
	cjose-0.6.1-4.module+el8.9.0+90009+6a7196cf.x86_64.rpm	5076c231781c27f7d06560afab3b455d	-	ol8_x86_64_appstream
	cjose-devel-0.6.1-4.module+el8.9.0+90009+6a7196cf.x86_64.rpm	e139ec44442c9f13dbcc2962403e2021	-	ol8_x86_64_appstream
	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.x86_64.rpm	d3cfff7a39e33e15585e02e9e2c687d8	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691