Lucene search
AlmaLinuxALSA-2023:6365HistoryNov 07, 2023 - 12:00 a.m.
Moderate: mod_auth_openidc security and bug fix update
2023-11-0700:00:00
errata.almalinux.org
4
apache http server
openid connect
oauth 2.0
security fix
cve-2022-23527
cve-2023-28625
almalinux
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
- mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527)
- mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied (CVE-2023-28625)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | ppc64le | mod_auth_openidc | <Â 2.4.9.4-4.el9 | mod_auth_openidc-2.4.9.4-4.el9.ppc64le.rpm |
| almalinux | 9 | aarch64 | mod_auth_openidc | <Â 2.4.9.4-4.el9 | mod_auth_openidc-2.4.9.4-4.el9.aarch64.rpm |
| almalinux | 9 | x86_64 | mod_auth_openidc | <Â 2.4.9.4-4.el9 | mod_auth_openidc-2.4.9.4-4.el9.x86_64.rpm |
| almalinux | 9 | s390x | mod_auth_openidc | <Â 2.4.9.4-4.el9 | mod_auth_openidc-2.4.9.4-4.el9.s390x.rpm |
Related
almalinux
almalinux
Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 00:00:00
oraclelinux
oraclelinux
mod_auth_openidc security and bug fix update
2023-11-11 00:00:00
mod_auth_openidc:2.3 security and bug fix update
2023-11-18 00:00:00
nessus
nessus
Oracle Linux 9 : mod_auth_openidc (ELSA-2023-6365)
2023-11-16 00:00:00
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:6940)
2023-11-14 00:00:00
RHEL 9 : mod_auth_openidc (RHSA-2023:6365)
2023-11-07 00:00:00
osv
osv
Moderate: mod_auth_openidc security and bug fix update
2023-11-07 00:00:00
Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 00:00:00
CVE-2023-28625
2023-04-03 14:15:07
redhat
redhat
(RHSA-2023:6365) Moderate: mod_auth_openidc security and bug fix update
2023-11-07 06:03:12
(RHSA-2023:6940) Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 08:40:59
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1837-1)
2023-05-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1849-1)
2023-04-17 00:00:00
Debian: Security Advisory (DSA-5405-1)
2023-05-19 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: mod_auth_openidc-2.4.13.2-1.fc38
2023-05-31 17:34:01
[SECURITY] Fedora 36 Update: mod_auth_openidc-2.4.12.2-1.fc36
2022-12-25 01:22:44
[SECURITY] Fedora 37 Update: mod_auth_openidc-2.4.12.2-1.fc37
2022-12-25 01:08:49
veracode
veracode
NULL Pointer Dereference
2023-08-06 07:40:33
Open Redirect
2022-12-20 09:04:10
debiancve
debiancve
CVE-2023-28625
2023-04-03 14:15:07
CVE-2022-23527
2022-12-14 18:15:00
prion
prion
Null pointer dereference
2023-04-03 14:15:00
Open redirect
2022-12-14 18:15:00
ubuntucve
ubuntucve
CVE-2023-28625
2023-04-03 00:00:00
CVE-2022-23527
2022-12-14 00:00:00
f5
f5
K000134597 : mod_auth_openidc vulnerability CVE-2023-28625
2023-05-12 00:00:00
cbl_mariner
cbl_mariner
cvelist
cvelist
cve
cve
CVE-2022-23527
2022-12-14 18:15:00
CVE-2023-28625
2023-04-03 14:15:07
debian
debian
[SECURITY] [DSA 5405-1] libapache2-mod-auth-openidc security update
2023-05-18 13:12:59
[SECURITY] [DLA 3499-1] libapache2-mod-auth-openidc security update
2023-07-18 22:51:54
[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update
2023-04-30 21:14:38
redhatcve
redhatcve
CVE-2023-28625
2023-04-03 18:14:37
CVE-2022-23527
2022-12-15 04:04:44
rosalinux
rosalinux
Advisory ROSA-SA-2024-2362
2024-02-27 09:20:02