Commit Graph

12 Commits

Author SHA1 Message Date
Tomas Halman
06e46dcdfa CVE-2024-24814 and race condition in cache handling
Resolves: RHEL-36492 Race condition in mod_auth_openidc filecache
Resolves: RHEL-25421 mod_auth_openidc: DoS when using
          `OIDCSessionType client-cookie` and manipulating cookies
          (CVE-2024-24814)
2024-05-16 09:16:25 +02:00
Adam Samalik
a70e989f72 branching - update refs
2023-09-04 10:48:14 +02:00
Tomas Halman
44c6505f36 Merge branch 'c8s-cve-2023-37464' into 'stream-mod_auth_openidc-2.3-rhel-8.9.0'
CVE-2023-37464 AES GCM decryption

See merge request redhat/centos-stream/modules/mod_auth_openidc!3
2023-07-21 12:38:32 +00:00
Tomas Halman
022159aaa9 CVE-2023-37464 AES GCM decryption
AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE

Resolves: rhbz#2223307
2023-07-21 14:31:00 +02:00
Tomas Halman
e1ee6d111d Merge branch 'update-8.9.0-2' into 'stream-mod_auth_openidc-2.3-rhel-8.9.0'
The access mode and ownership of auth_openidc.conf

See merge request redhat/centos-stream/modules/mod_auth_openidc!2
2023-04-25 10:14:25 +00:00
Tomas Halman
286bad58f0 The access mode and ownership of auth_openidc.conf
Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default
          rhbz#2072469 - Random memory overwrite
          rhbz#2153659 - CVE-2022-23527 Open Redirect in oidc_validate_redirect_url() using tab character
          rhbz#2184144 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted
                         Cookie header is supplied
2023-04-25 12:04:08 +02:00
Tomas Halman
60fa81c01d The access mode and ownership of auth_openidc.conf
Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default
2023-04-24 22:47:37 +02:00
Tomas Halman
b1c7fff203 mod_auth_openidc: NULL pointer dereference
Resolves: rhbz#2184144 CVE-2023-28625 - mod_auth_openidc: NULL pointer dereference
    when OIDCStripCookies is set and a crafted Cookie header is supplied
2023-04-12 13:44:29 +02:00
Tomas Halman
e46cb2540f Merge branch 'update-8.9.0' into 'stream-mod_auth_openidc-2.3-rhel-8.9.0'
mod_auth_openidc update

See merge request redhat/centos-stream/modules/mod_auth_openidc!1
2023-03-17 15:06:44 +00:00
Tomas Halman
e6cc8faf14 mod_auth_openidc update
Resolves: rhbz#2072469 - cjose random memory override
Resolves: rhbz#2153659 - CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()
          using tab character
2023-03-17 15:43:58 +01:00
Adam Samalik
4466857bfd update refs
2023-02-23 11:47:59 +00:00
Adam Samalik
a80ce31501 update modulemd etc
2023-02-23 11:47:59 +00:00