[El-errata] ELSA-2019-0766 Important: Oracle Linux 7 mod_auth_mellon security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Apr 16 12:04:16 PDT 2019
Oracle Linux Security Advisory ELSA-2019-0766
http://linux.oracle.com/errata/ELSA-2019-0766.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
mod_auth_mellon-0.14.0-2.el7_6.4.x86_64.rpm
mod_auth_mellon-diagnostics-0.14.0-2.el7_6.4.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/mod_auth_mellon-0.14.0-2.el7_6.4.src.rpm
Description of changes:
[0.14.0-2.4]
- Actually apply the patch in the previous build
- Resolves: rhbz#1697488 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[0.14.0-2.3]
- Resolves: rhbz#1697488 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7] [rhel-7.6.z]
[0.14.0-2.2]
- Resolves: rhbz#1697487 - mod_auth_mellon Cert files name wrong when
hostname contains a number
[0.14.0-2.1]
- Resolves: rhbz#1692455 - CVE-2019-3878 mod_auth_mellon: authentication
bypass in ECP flow [rhel-7.6.z]
More information about the El-errata
mailing list