Fedora 37 Update: mod_auth_openidc-2.4.12.2-1.fc37

Fedora Linux 8695 Published by

A mod_auth_openidc security update has been released for Fedora 37.



SECURITY: Fedora 37 Update: mod_auth_openidc-2.4.12.2-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-e139408490
2022-12-25 01:06:43.535589
--------------------------------------------------------------------------------

Name : mod_auth_openidc
Product : Fedora 37
Version : 2.4.12.2
Release : 1.fc37
URL :   https://github.com/zmartzone/mod_auth_openidc
Summary : OpenID Connect auth module for Apache HTTP Server
Description :
This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

--------------------------------------------------------------------------------
Update Information:

CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url()
using tab character
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 16 2022 Tomas Halman - 2.4.12.2-1
Rebase to 2.4.12.2 version
- Resolves: rhbz#2153658 - CVE-2022-23527 mod_auth_openidc: Open Redirect in
oidc_validate_redirect_url() using tab character
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2153657 - CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character [fedora-36]
  https://bugzilla.redhat.com/show_bug.cgi?id=2153657
[ 2 ] Bug #2153658 - CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character [fedora-37]
  https://bugzilla.redhat.com/show_bug.cgi?id=2153658
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-e139408490' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________

Bootstrap 5.3.0 Alpha 1 released

How to Install Google Chrome Web Browser on Ubuntu and Debian

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...