Fedora 39 FEDORA-2024-3c0f2a2771 Critical: mod_auth_openidc DoS Issue
fedora
March 2, 2024
fix CVE-2024-24814: prevent DoS when OIDCSessionType client-cookie is set and a crafted Cookie header is supplied
Summary
This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Update Information:
fix CVE-2024-24814: prevent DoS when OIDCSessionType client-cookie is set and a crafted Cookie header is supplied
Topics Covered
Change Log
* Thu Feb 22 2024 Tomas Halman
References
Fedora Update Notification
FEDORA-2024-3c0f2a2771
2024-03-02 00:40:38.894316
Name : mod_auth_openidc
Product : Fedora 39
Version : 2.4.15.3
Release : 1.fc39
URL : https://github.com/OpenIDC/mod_auth_openidc
Summary : OpenID Connect auth module for Apache HTTP Server
Description :
This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3c0f2a2771' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: mod_auth_openidc
Product: Fedora 39
Version: 2.4.15.3
Release: 1.fc39
Summary: OpenID Connect auth module for Apache HTTP Server
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!