Описание
ELSA-2025-4597: mod_auth_openidc:2.3 security update (MODERATE)
cjose mod_auth_openidc [2.4.9.4-8]
- Resolves: RHEL-87759 - Empty POST causes crash with OIDCPreservePost
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module mod_auth_openidc:2.3 is enabled
cjose
0.6.1-4.module+el8.10.0+90549+7b4eddfc
cjose-devel
0.6.1-4.module+el8.10.0+90549+7b4eddfc
mod_auth_openidc
2.4.9.4-8.module+el8.10.0+90568+7a187228
Oracle Linux x86_64
Module mod_auth_openidc:2.3 is enabled
cjose
0.6.1-4.module+el8.10.0+90549+7b4eddfc
cjose-devel
0.6.1-4.module+el8.10.0+90549+7b4eddfc
mod_auth_openidc
2.4.9.4-8.module+el8.10.0+90568+7a187228
Связанные CVE
Связанные уязвимости
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
A flaw was found in the mod_auth_openidc module for Apache httpd. This ...
