ELSA-2024-5289

ELSA-2024-5289 - mod_auth_openidc:2.3 security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-08-14

Description

cjose
mod_auth_openidc
[2.4.9.4-6]
- Resolves: RHEL-36492 Race condition in mod_auth_openidc filecache
- Resolves: RHEL-25421 mod_auth_openidc: DoS when using
OIDCSessionType client-cookie and manipulating cookies
(CVE-2024-24814)

Related CVEs

CVE-2024-24814

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	cjose-0.6.1-4.module+el8.10.0+90385+c8f58f84.src.rpm	b5fa17e619428bc820d75b2bdd11c4ad	-	ol8_aarch64_appstream
	mod_auth_openidc-2.4.9.4-6.module+el8.10.0+90385+c8f58f84.src.rpm	b71e48dc9e855897621f9ecf475f3a62	-	ol8_aarch64_appstream
	cjose-0.6.1-4.module+el8.10.0+90385+c8f58f84.aarch64.rpm	71462bde7197834a9c93bbf6b386eb49	-	ol8_aarch64_appstream
	cjose-devel-0.6.1-4.module+el8.10.0+90385+c8f58f84.aarch64.rpm	59f0d689d075504d9c74952589aab89c	-	ol8_aarch64_appstream
	mod_auth_openidc-2.4.9.4-6.module+el8.10.0+90385+c8f58f84.aarch64.rpm	1a060fbd2095d14d821298fa98a79a51	-	ol8_aarch64_appstream
Oracle Linux 8 (x86_64)	cjose-0.6.1-4.module+el8.10.0+90385+c8f58f84.src.rpm	b5fa17e619428bc820d75b2bdd11c4ad	-	ol8_x86_64_appstream
	mod_auth_openidc-2.4.9.4-6.module+el8.10.0+90385+c8f58f84.src.rpm	b71e48dc9e855897621f9ecf475f3a62	-	ol8_x86_64_appstream
	cjose-0.6.1-4.module+el8.10.0+90385+c8f58f84.x86_64.rpm	13b388ff5c7a18e5377d666859a96a49	-	ol8_x86_64_appstream
	cjose-devel-0.6.1-4.module+el8.10.0+90385+c8f58f84.x86_64.rpm	a3944ecfd34741f69b3dc5624938d0ad	-	ol8_x86_64_appstream
	mod_auth_openidc-2.4.9.4-6.module+el8.10.0+90385+c8f58f84.x86_64.rpm	9cbf1869b09dcd922811c6ec5eb8bcd4	-	ol8_x86_64_appstream