mod_auth_openidc-2.4.12.3-2.fc39

Read Time:2 Minute, 58 Second

FEDORA-2023-02c84fe305

Packages in this update:

mod_auth_openidc-2.4.12.3-2.fc39

Update description:

Automatic update for mod_auth_openidc-2.4.12.3-2.fc39.

Changelog

* Tue Mar 7 2023 Tomas Halman <thalman@redhat.com> – 2.4.12.3-2
migrated to SPDX license
* Tue Feb 28 2023 Tomas Halman <thalman@redhat.com> – 2.4.12.3-1
Rebase to 2.4.12.3 version
– Resolves: rhbz#2164064 – mod_auth_openidc-2.4.12.3 is available
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.12.2-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 16 2022 Tomas Halman <thalman@redhat.com> – 2.4.12.2-1
Rebase to 2.4.12.2 version
– Resolves: rhbz#2153658 – CVE-2022-23527 mod_auth_openidc: Open Redirect in
oidc_validate_redirect_url() using tab character
* Thu Sep 22 2022 Tomas Halman <thalman@redhat.com> – 2.4.11.2-3
– Resolves: rhbz#2128328 – Port pcre dependency to pcre2
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.11.2-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 23 2022 Tomas Halman <thalman@redhat.com> – 2.4.11.2-1
– Resolves: rhbz#2082376 – New version 2.4.11.2 available
* Mon Apr 11 2022 Tomas Halman <thalman@redhat.com> – 2.4.11.1-1
– Resolves: rhbz#1996926 – New version 2.4.11.1 available
* Thu Mar 31 2022 Tomas Halman <thalman@redhat.com> – 2.4.9.4-1
– Resolves: rhbz#2001647 – CVE-2021-39191 mod_auth_openidc: open redirect
by supplying a crafted URL in the target_link_uri
parameter
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.9.1-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> – 2.4.9.1-2
– Rebuilt with OpenSSL 3.0.0
* Wed Aug 18 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.9.1-1
– New upstream release
– Resolves: rhbz#1993566 – mod_auth_openidc-2.4.9.1 is available
* Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.9-1
– Resolves: rhbz#1985153 – mod_auth_openidc-2.4.9 is available
– Resolves: rhbz#1986103 – CVE-2021-32786 mod_auth_openidc: open redirect
in oidc_validate_redirect_url()
– Resolves: rhbz#1986396 – CVE-2021-32791 mod_auth_openidc: hardcoded
static IV and AAD with a reused key in AES GCM
encryption
– Resolves: rhbz#1986398 – CVE-2021-32792 mod_auth_openidc: XSS when using
OIDCPreservePost On
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.8.4-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jun 2 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.8.3-1
– New upstream release
– Resolves: rhbz#1966756 – mod_auth_openidc-2.4.8.3 is available
* Mon May 10 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.8.2-1
– New upstream release
– Resolves: rhbz#1958466 – mod_auth_openidc-2.4.8.2 is available
* Thu May 6 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.7.2-1
– New upstream release
– Resolves: rhbz#1900913 – mod_auth_openidc-2.4.7.2 is available
* Fri Apr 30 2021 Tomas Halman <thalman@redhat.com> – 2.4.4.1-3
– Remove unnecessary LTO patch

Read More

What is zero trust? A model for more effective security

Read Time:43 Second

Security leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months.

In fact, the percentage of organizations with zero trust already in place more than doubled in just one year, jumping from 24% in 2021 to 55% in the 2022 survey issued by identity and access management technology provider Okta.

And that 55% is more than three times the figure it was four years ago; when Okta first asked security leaders whether they had a zero-trust initiative in place or were planning one within the following 18 months for its 2018 report, only 16% answered yes.

To read this article in full, please click here

Read More

USN-5928-1: systemd vulnerabilities

Read Time:47 Second

It was discovered that systemd did not properly validate the time and
accuracy values provided to the format_timespan() function. An attacker
could possibly use this issue to cause a buffer overrun, leading to a
denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu
16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-3821)

It was discovered that systemd did not properly manage the fs.suid_dumpable
kernel configurations. A local attacker could possibly use this issue to
expose sensitive information. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-4415)

It was discovered that systemd did not properly manage a crash with long
backtrace data. A local attacker could possibly use this issue to cause a
deadlock, leading to a denial of service attack. This issue only affected
Ubuntu 22.10. (CVE-2022-45873)

Read More