[ALSA-2022:1934] Moderate: mod_auth_mellon security update
Type:
security
Severity:
moderate
Release date:
2022-05-10
Description:
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix(es): * mod_auth_mellon: Open Redirect vulnerability in logout URLs (CVE-2021-3639) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_auth_mellon-0.14.0-12.el8.1.aarch64.rpm 017114a3bb3b00d5846a0894ab85e877eb6d730b184ff87ee3e02253b8cab61f
aarch64 mod_auth_mellon-diagnostics-0.14.0-12.el8.1.aarch64.rpm 92da8d4550e60e37469304585865f7879208e9266ba65e7fef5736458435197b
ppc64le mod_auth_mellon-0.14.0-12.el8.1.ppc64le.rpm 2aa0fa11a35775fcad6cf769eb1acb1c08259c6b16d3c80539f553644e407f2a
ppc64le mod_auth_mellon-diagnostics-0.14.0-12.el8.1.ppc64le.rpm 6ba3690dc8d5b967b2f939c2b0785ef76e5f37b8fb383a8c02d992b00bb82892
x86_64 mod_auth_mellon-diagnostics-0.14.0-12.el8.1.x86_64.rpm 3d95a54fe5c58812edf4d57c35a45bc14c2d7aa2211dd4423c97e9be588532ea
x86_64 mod_auth_mellon-0.14.0-12.el8.1.x86_64.rpm 9f126e7a92bbf31c8c35f2cf9ecd5a2894a081492b04ad6d6991a98d13608c51
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.