A mod_auth_openidc:2.3 security update has been released for AlmaLinux 8.

ALSA-2023:4418 Important: mod_auth_openidc:2.3 security update

Type:
security

Severity:
important

Release date:
2023-08-02

Description
Security Fix(es):
* cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-37464
RHSA-2023:4418
ALSA-2023:4418

Updates packages:
mod_auth_openidc-2.4.9.4-1.module_el8.7.0+3305+9a59f0c3.s390x.rpm
cjose-devel-0.6.1-3.module_el8.8.0+3591+c9939da8.x86_64.rpm
cjose-0.6.1-3.module_el8.8.0+3591+c9939da8.aarch64.rpm
mod_auth_openidc-2.4.9.4-1.module_el8.7.0+3305+9a59f0c3.ppc64le.rpm
cjose-0.6.1-3.module_el8.8.0+3591+c9939da8.x86_64.rpm
cjose-0.6.1-3.module_el8.8.0+3591+c9939da8.s390x.rpm
cjose-devel-0.6.1-3.module_el8.8.0+3591+c9939da8.ppc64le.rpm
cjose-devel-0.6.1-3.module_el8.8.0+3591+c9939da8.aarch64.rpm
cjose-devel-0.6.1-3.module_el8.8.0+3591+c9939da8.s390x.rpm
cjose-0.6.1-3.module_el8.8.0+3591+c9939da8.ppc64le.rpm
mod_auth_openidc-2.4.9.4-1.module_el8.7.0+3305+9a59f0c3.aarch64.rpm
mod_auth_openidc-2.4.9.4-1.module_el8.7.0+3305+9a59f0c3.x86_64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:4418 Important: mod_auth_openidc:2.3 security update