[ALSA-2024:9180] Moderate: mod_auth_openidc security update
Type:
security
Severity:
moderate
Release date:
2024-11-18
Description:
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix(es): * mod_auth_openidc: DoS when using `OIDCSessionType client-cookie` and manipulating cookies (CVE-2024-24814) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_auth_openidc-2.4.10-1.el9.aarch64.rpm f635c0cd32d729ea3c0d5c2c01d50b63bb2b88ce714857a53544b68bdbfc5230
ppc64le mod_auth_openidc-2.4.10-1.el9.ppc64le.rpm 17cf4cabda99e63b370b59eb8b514e99b35b508792989d9077b5e5ae639347a9
s390x mod_auth_openidc-2.4.10-1.el9.s390x.rpm 003822eec00ac733af1364601b9ff7d9397aa8fb0026c31f15ad2728d0b9fd40
x86_64 mod_auth_openidc-2.4.10-1.el9.x86_64.rpm 277e2de285025544e1dc6850840f8dadee3a33ce77f3e40cc24f120cf4fbada3
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.