Description
ELSA-2020-1003: mod_auth_mellon security and bug fix update (MODERATE)
[0.14.0-8]
- Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-7]
[0.14.0-7]
- Resolves: rhbz#1727789 - mod_auth_mellon fix for AJAX header name X-Requested-With
[0.14.0-6]
- Apply the patch from the previous commit
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-7]
[0.14.0-5]
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-7]
[0.14.0-4]
- Resolves: rhbz#1576719 - ECP flow not triggering, instead client access secured resources without ECP authentication
[0.14.0-3]
- Resolves: rhbz#1652980 - mod_auth_mellon Cert files name wrong when hostname contains a number
Updated packages
Oracle Linux 7
Oracle Linux aarch64
- mod_auth_mellon 0.14.0-8.el7
- mod_auth_mellon-diagnostics 0.14.0-8.el7
Oracle Linux x86_64
- mod_auth_mellon 0.14.0-8.el7
- mod_auth_mellon-diagnostics 0.14.0-8.el7
Related CVEs
Related vulnerabilities
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.