(RHSA-2023:4408) Important: mod_auth_openidc:2.3 security update

2023-08-0113:21:23

access.redhat.com

mod_auth_openidc

apache http server

openid connect

oauth 2.0

security update

cjose

aes gcm decryption

cve-2023-37464

cvss score

references

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.003

Percentile

65.9%

JSON

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64cjose-debuginfo< 0.6.1-3.module+el8.6.0+19463+7d2e1f9ccjose-debuginfo-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.x86_64.rpm
RedHatanyx86_64mod_auth_openidc-debuginfo< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm
RedHatanys390xmod_auth_openidc< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm
RedHatanys390xmod_auth_openidc-debuginfo< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm
RedHatanyx86_64mod_auth_openidc< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm
RedHatanys390xcjose-debugsource< 0.6.1-3.module+el8.6.0+19463+7d2e1f9ccjose-debugsource-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.s390x.rpm
RedHatanyppc64lecjose< 0.6.1-3.module+el8.6.0+19463+7d2e1f9ccjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.ppc64le.rpm
RedHatanyppc64lemod_auth_openidc-debuginfo< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm
RedHatanyx86_64cjose< 0.6.1-3.module+el8.6.0+19463+7d2e1f9ccjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.x86_64.rpm
RedHatanyaarch64mod_auth_openidc< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	cjose-debuginfo	< 0.6.1-3.module+el8.6.0+19463+7d2e1f9c	cjose-debuginfo-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.x86_64.rpm
RedHat	any	x86_64	mod_auth_openidc-debuginfo	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm
RedHat	any	s390x	mod_auth_openidc	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm
RedHat	any	s390x	mod_auth_openidc-debuginfo	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm
RedHat	any	x86_64	mod_auth_openidc	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm
RedHat	any	s390x	cjose-debugsource	< 0.6.1-3.module+el8.6.0+19463+7d2e1f9c	cjose-debugsource-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.s390x.rpm
RedHat	any	ppc64le	cjose	< 0.6.1-3.module+el8.6.0+19463+7d2e1f9c	cjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.ppc64le.rpm
RedHat	any	ppc64le	mod_auth_openidc-debuginfo	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm
RedHat	any	x86_64	cjose	< 0.6.1-3.module+el8.6.0+19463+7d2e1f9c	cjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.x86_64.rpm
RedHat	any	aarch64	mod_auth_openidc	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64.rpm