[ALSA-2023:6940] Moderate: mod_auth_openidc:2.3 security and bug fix update
Type: security
Severity: moderate
Release date: 2023-11-23
Description:
mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527)
* mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied (CVE-2023-28625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_auth_openidc-2.4.9.4-5.module_el8.9.0+3631+0ced13d7.aarch64.rpm 084347a5ad909257a0ca6dc38df4e27088db7d871bc2b6ce58ab98f669bb55dc
aarch64 cjose-0.6.1-4.module_el8.9.0+3631+0ced13d7.aarch64.rpm 1e38368acae5192306b7535b3069a5e6d542ffa563e15a52fb6285bb45e4e4d9
aarch64 cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.aarch64.rpm 50cdbf68124fbd564661572d1deca2465adad94c4fa241d69ddd27500b271270
ppc64le mod_auth_openidc-2.4.9.4-5.module_el8.9.0+3631+0ced13d7.ppc64le.rpm 0cae562bbeffb8bf07343199ec513f500b1aee51822c537b22e1d1dc6dea1da2
ppc64le cjose-0.6.1-4.module_el8.9.0+3631+0ced13d7.ppc64le.rpm 1cb3ed212afaa8c3b2911e2d61f86ab843e0ce44174b2cb5587cfac9d278b917
ppc64le cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.ppc64le.rpm 994c5edf4ec7f52af34c866284a4745d6fb36daae3dccf30debaf61555329384
s390x mod_auth_openidc-2.4.9.4-5.module_el8.9.0+3631+0ced13d7.s390x.rpm 2bca885eb9d8ad3ecbf09a882e8fed825e72d86af7923638316534ea4bc575b0
s390x cjose-0.6.1-4.module_el8.9.0+3631+0ced13d7.s390x.rpm 4d081700a8fb0babd3d14773b9d53b33ddd02d52eebae59fc99f7cd9b0d93b9f
s390x cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.s390x.rpm ce03707da865baaa5be9a51305a4a868164b517be94280cd83e11e625f788c40
x86_64 cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.x86_64.rpm 738eb3d6de925553d28836363754aaaa1866bc3ae8d2651d2c5865d239e7beb1
x86_64 cjose-0.6.1-4.module_el8.9.0+3631+0ced13d7.x86_64.rpm 8829a97281d3102aa0d5835adca7ad2851c9b01144eabff84d7a4827c585b3bc
x86_64 mod_auth_openidc-2.4.9.4-5.module_el8.9.0+3631+0ced13d7.x86_64.rpm fc3a303bec35dde4eefd0f130ae53ea1c54eb033ccab338511b8fd342ebb725c
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.