[ALSA-2024:5289] Moderate: mod_auth_openidc:2.3 security update
Type:
security
Severity:
moderate
Release date:
2024-08-21
Description:
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix(es): * mod_auth_openidc: DoS when using `OIDCSessionType client-cookie` and manipulating cookies (CVE-2024-24814) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_auth_openidc-2.4.9.4-6.module_el8.10.0+3881+234adf82.aarch64.rpm 3148914bbc892a12c4d4f794f5ddaea3e4b9a1dbc5b3029dba143b9a6228f544
aarch64 cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.aarch64.rpm 50cdbf68124fbd564661572d1deca2465adad94c4fa241d69ddd27500b271270
aarch64 cjose-0.6.1-4.module_el8.10.0+3881+234adf82.aarch64.rpm 924273913f72bf89cfd7ffce6347879d0f26bffc76829ddc4531b31e9bf197b9
ppc64le cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.ppc64le.rpm 994c5edf4ec7f52af34c866284a4745d6fb36daae3dccf30debaf61555329384
ppc64le cjose-0.6.1-4.module_el8.10.0+3881+234adf82.ppc64le.rpm 9c1cb16cdb6497f112b3596b0a2d691fd0ba0c2d277a7b8ae8aab35c08b42b65
ppc64le mod_auth_openidc-2.4.9.4-6.module_el8.10.0+3881+234adf82.ppc64le.rpm e7a2dfb10cdedb0bb0c88d7c15217305b79f36353e5f727e3e8bf1ad01ab4d33
s390x mod_auth_openidc-2.4.9.4-6.module_el8.10.0+3881+234adf82.s390x.rpm 3b9b306581f449878735b99c2f759ed8fbbf795f95011939b33b1bf15719ef67
s390x cjose-devel-0.6.1-4.module_el8.10.0+3881+234adf82.s390x.rpm 559c2230cf633477f6087a021e6c86fcc10f9ddd90a75eff6a9a97e1e9e6462e
s390x cjose-0.6.1-4.module_el8.10.0+3881+234adf82.s390x.rpm f2276b80986159e6c98c20e7b1f84a175e9f21a5ed4a7bd1e4530f03dd3c3001
x86_64 mod_auth_openidc-2.4.9.4-6.module_el8.10.0+3881+234adf82.x86_64.rpm 02347490b535a2829c67c0f05daa3096840c54dcb3434208c0087f96c3824dff
x86_64 cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.x86_64.rpm 738eb3d6de925553d28836363754aaaa1866bc3ae8d2651d2c5865d239e7beb1
x86_64 cjose-0.6.1-4.module_el8.9.0+3631+0ced13d7.x86_64.rpm 8829a97281d3102aa0d5835adca7ad2851c9b01144eabff84d7a4827c585b3bc
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.