[ALSA-2023:6365] Moderate: mod_auth_openidc security and bug fix update
Type:
security
Severity:
moderate
Release date:
2023-11-14
Description:
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix(es): * mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527) * mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied (CVE-2023-28625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_auth_openidc-2.4.9.4-4.el9.aarch64.rpm 8bcaf1853126764573366fb6d34c5d1c1e9b500dc2eabb8831ed9454a90e2e3f
ppc64le mod_auth_openidc-2.4.9.4-4.el9.ppc64le.rpm fae66748a64059fbf96aa63aa59a90cc506b228607fed192e4a7cf6c243927c8
s390x mod_auth_openidc-2.4.9.4-4.el9.s390x.rpm c1c5ef13f60c1956d11a3b0aa1aba63446cde2a0822fecc100420cec77dd7f64
x86_64 mod_auth_openidc-2.4.9.4-4.el9.x86_64.rpm 7e93469e82148934c763c1bd09e279157ec5af8e2766d196cc4af4339b9fc219
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.