mod_auth_mellon-0.14.0-12.el8.1

エラータID: AXSA:2022-3531:01

Release date: 
Wednesday, July 13, 2022 - 03:47
Subject: 
mod_auth_mellon-0.14.0-12.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server.

Security Fix(es):

* mod_auth_mellon: Open Redirect vulnerability in logout URLs (CVE-2021-3639)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.6 Release Notes linked from the References section.

CVE-2021-3639
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mod_auth_mellon-0.14.0-12.el8.1.src.rpm
    MD5: c7d148abfe44015f395b470b08551748
    SHA-256: e63c6817778321f28e202000ba9eb91e13054be76faf517b848f053af3ca8f99
    Size: 1.45 MB

Asianux Server 8 for x86_64
  1. mod_auth_mellon-0.14.0-12.el8.1.x86_64.rpm
    MD5: 2a5cdb9b47b657925ad305af28d37c1c
    SHA-256: 1703c28c23f5d54e3b36f2a3bb1f4b1ee79bd92a67000fc04cebe4be917e3cca
    Size: 1.26 MB
  2. mod_auth_mellon-diagnostics-0.14.0-12.el8.1.x86_64.rpm
    MD5: b6a5ad980189d92cb74568192eaa7628
    SHA-256: 22233fac188e147bad0eec3e3194a2bc6c08c870bea12e4794b5d44d74a4385e
    Size: 76.48 kB