ALSA-2023:6365

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:6365.json

Related

• CVE-2022-23527
• CVE-2023-28625

Published

2023-11-07T00:00:00Z

Modified

2023-11-14T12:05:07Z

Details

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

• modauthopenidc: Open Redirect in oidcvalidateredirect_url() using tab character (CVE-2022-23527)
• modauthopenidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied (CVE-2023-28625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

• https://access.redhat.com/errata/RHSA-2023:6365
• https://access.redhat.com/security/cve/CVE-2022-23527
• https://access.redhat.com/security/cve/CVE-2023-28625
• https://bugzilla.redhat.com/2153655
• https://bugzilla.redhat.com/2184118
• https://errata.almalinux.org/9/ALSA-2023-6365.html