import UBI mod_auth_openidc-2.4.10-1.el9_6.2

eabdullin 2025-06-23 21:12:10 +00:00
parent 3f61e7b718
commit 16b77492dc
3 changed files with 1501 additions and 2 deletions

File diff suppressed because it is too large

@ -15,7 +15,7 @@
Name: mod_auth_openidc
Version: 2.4.10
Release: 1%{?dist}.1
Release: 1%{?dist}.2
Summary: OpenID Connect auth module for Apache HTTP Server
License: ASL 2.0
@ -26,7 +26,8 @@ Patch1: 0001-CVE-2022-23527.patch
Patch2: 0002-CVE-2023-28625.patch
Patch3: 0003-CVE-2024-24814.patch
Patch4: 0004-race-condition.patch
Patch5: 0005-CVE-2024-24814.patch
Patch5: 0005-CVE-2025-31492.patch
Patch6: 0006-CVE-2025-3891.patch
BuildRequires: gcc
BuildRequires: httpd-devel
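Review bot: Patch6 is declared here, but none of the visible hunks touches %prep. If this spec applies patches with explicit %patchN lines rather than %autosetup or %autopatch, 0006-CVE-2025-3891.patch would ship in the SRPM without being applied, so confirm from the build log that it is applied. Separately, Patch5 is renamed from 0005-CVE-2024-24814.patch to 0005-CVE-2025-31492.patch, which matches the CVE named in the .1 changelog entry and removes the label duplicated with Patch3. The rename deserves a line in the changelog so the file history stays traceable.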
@ -100,6 +101,10 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
%changelog
* Fri Apr 11 2025 Tomas Halman <thalman@redhat.com> - 2.4.10-1%{?dist}.2
Resolves: RHEL-95948 - mod_auth_openidc: DoS via Empty POST in mod_auth_openidc
with OIDCPreservePost Enabled (CVE-2025-3891)
* Fri Apr 11 2025 Tomas Halman <thalman@redhat.com> - 2.4.10-1%{?dist}.1
Resolves: RHEL-86224 - mod_auth_openidc allows OIDCProviderAuthRequestMethod
POSTs to leak protected data (CVE-2025-31492)
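Review bot: the new .2 entry at the top of %changelog carries the same date, Fri Apr 11 2025, as the .1 entry below it, while this import is dated 2025-06-23. If the CVE-2025-3891 fix was built after the .1 release, give the .2 entry its own date so the changelog reflects when each fix shipped. Since the diff carrying the patch itself is suppressed on this page, the RHEL-95948 reference is the only way to tie the entry to 0006-CVE-2025-3891.patch; naming the patch file in the entry would make that link explicit.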