Oracle Errata SystemOracle Linux5.112022-04-27T06:36:49
ELSA-2020-3032: mod_auth_openidc:2.3 security and bug fix update (MODERATE)
Oracle Linux 8
cjose
[0.6.1-2]
- fix concatkdf big endian architecture problem.
Upstream issue #77.
[0.6.1-1]
- upgrade to latest upstream 0.6.1
[0.5.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[0.5.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
[0.5.1-1]
- Initial packaging
mod_auth_openidc
[2.3.7-4.3]
- Actually apply the previous patch, sigh
- Related: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
Open redirect in logout url when using URLs with
leading slashes [rhel-8.2.0.z]
- Related: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
open redirect issue exists in URLs with slash and
backslash [rhel-8.2.0.z]
[2.3.7-4.2]
- Fix the previous backport
- Related: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
Open redirect in logout url when using URLs with
leading slashes [rhel-8.2.0.z]
- Related: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
open redirect issue exists in URLs with slash and
backslash [rhel-8.2.0.z]
[2.3.7-4.1]
- Resolves: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
Open redirect in logout url when using URLs with
leading slashes [rhel-8.2.0.z]
- Resolves: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
open redirect issue exists in URLs with slash and
backslash [rhel-8.2.0.z]
MODERATECopyright 2020 Oracle, Inc.CVE-2019-14857CVE-2019-20479mod_auth_openidccjosecjose-develoraclelinux-release/etc/dnf/modules.d/mod_auth_openidc.module\[mod_auth_openidc\][\w\W]*182562ea9ad986da3\nstream\s*=\s*2\.3\b[\w\W]*\nstate\s*=\s*(enabled|1|true)|\nstate\s*=\s*(enabled|1|true)[\w\W]*\nstream\s*=\s*2\.3\b^8aarch640:0.6.1-2.module+el8+5139+bcb283220:2.3.7-4.module+el8.2.0+7637+70221d24.3x86_64