[ALSA-2023:4418] Important: mod_auth_openidc:2.3 security update
Type:
security
Severity:
important
Release date:
2023-08-02
Description:
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix(es): * cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 cjose-0.6.1-3.module_el8.8.0+3591+c9939da8.aarch64.rpm 1fa801a826692db7617a8b024d47677c638c0af755fcbbcf94bb914ce671b28b
aarch64 cjose-devel-0.6.1-3.module_el8.8.0+3591+c9939da8.aarch64.rpm 757237bfc24617ae26b984c4b09d10a4089a9ce87ec6753ee846b2b7a9169629
aarch64 mod_auth_openidc-2.4.9.4-1.module_el8.7.0+3305+9a59f0c3.aarch64.rpm b0092703b7d8752c1e79ff91358a0518ad1f96d6ada44a5f78e4c46a9f3f71c3
ppc64le mod_auth_openidc-2.4.9.4-1.module_el8.7.0+3305+9a59f0c3.ppc64le.rpm 20911c186cdb593b62244bf207444c9570685d48b8d8c97d858ddb2cde921f84
ppc64le cjose-devel-0.6.1-3.module_el8.8.0+3591+c9939da8.ppc64le.rpm 745e0a7167065f44f740468a8140ec62db6845f03ee234de917d0ec2a73cbb2b
ppc64le cjose-0.6.1-3.module_el8.8.0+3591+c9939da8.ppc64le.rpm a75c482426a05ebb41f5787e0c2404b8dd78441f61f0c50aeb71816f029bac4f
s390x mod_auth_openidc-2.4.9.4-1.module_el8.7.0+3305+9a59f0c3.s390x.rpm 077fdd85d3058f6e044b888c6f8fca6b17f6b9fbbaa32121123fa46c12231c88
s390x cjose-0.6.1-3.module_el8.8.0+3591+c9939da8.s390x.rpm 6a8d69ce7ad2b14244abaefa65232a75e6c5cd0207e8905dbc8b900b563fef7a
s390x cjose-devel-0.6.1-3.module_el8.8.0+3591+c9939da8.s390x.rpm 75bca2726639729a99eb2acebb6f08f682b8206cdf29a60cf2a35ab8160c488c
x86_64 cjose-devel-0.6.1-3.module_el8.8.0+3591+c9939da8.x86_64.rpm 1930a62735fac54a68e7ee0d603375bdd36d9a77e6ed0eb25f3b31c0974b9d4a
x86_64 cjose-0.6.1-3.module_el8.8.0+3591+c9939da8.x86_64.rpm 3fc0afc0893bb28a36b2d505ed934bc3e43417cd69ac07e2eda24190051ff309
x86_64 mod_auth_openidc-2.4.9.4-1.module_el8.7.0+3305+9a59f0c3.x86_64.rpm ede184fae153877b592de93a359d53a9ef1a52b980e290e7d7b0a48211f64665
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.