Red Hat Product Errata RHSA-2024:9180 - Security Advisory
Issued:
2024-11-12
Updated:
2024-11-12

RHSA-2024:9180 - Security Advisory

Synopsis

Moderate: mod_auth_openidc security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

  • mod_auth_openidc: DoS when using `OIDCSessionType client-cookie` and manipulating cookies (CVE-2024-24814)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2264092 - CVE-2024-24814 mod_auth_openidc: DoS when using `OIDCSessionType client-cookie` and manipulating cookies
  • RHEL-32450 - Race condition in mod_auth_openidc filecache

Red Hat Enterprise Linux for x86_64 9

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
x86_64
mod_auth_openidc-2.4.10-1.el9.x86_64.rpm SHA-256: c2dfb424c866eb347a37b7458724d15376705929d031d52d81bbee174aa73eda
mod_auth_openidc-debuginfo-2.4.10-1.el9.x86_64.rpm SHA-256: 120d1c38b0e6b2df8574b4d071416b30bceefc7304caddf2d8ee01c70f9d1663
mod_auth_openidc-debugsource-2.4.10-1.el9.x86_64.rpm SHA-256: c36062e9e34f4ca8f83e3478c9c44c89ed425ab7e33ca1f9315907af4902b4b4

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
x86_64
mod_auth_openidc-2.4.10-1.el9.x86_64.rpm SHA-256: c2dfb424c866eb347a37b7458724d15376705929d031d52d81bbee174aa73eda
mod_auth_openidc-debuginfo-2.4.10-1.el9.x86_64.rpm SHA-256: 120d1c38b0e6b2df8574b4d071416b30bceefc7304caddf2d8ee01c70f9d1663
mod_auth_openidc-debugsource-2.4.10-1.el9.x86_64.rpm SHA-256: c36062e9e34f4ca8f83e3478c9c44c89ed425ab7e33ca1f9315907af4902b4b4

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
x86_64
mod_auth_openidc-2.4.10-1.el9.x86_64.rpm SHA-256: c2dfb424c866eb347a37b7458724d15376705929d031d52d81bbee174aa73eda
mod_auth_openidc-debuginfo-2.4.10-1.el9.x86_64.rpm SHA-256: 120d1c38b0e6b2df8574b4d071416b30bceefc7304caddf2d8ee01c70f9d1663
mod_auth_openidc-debugsource-2.4.10-1.el9.x86_64.rpm SHA-256: c36062e9e34f4ca8f83e3478c9c44c89ed425ab7e33ca1f9315907af4902b4b4

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
s390x
mod_auth_openidc-2.4.10-1.el9.s390x.rpm SHA-256: 21f8a4ee75636fe2301ac0099fdeac83d5459407de2cf4de4119a0a46ccb413f
mod_auth_openidc-debuginfo-2.4.10-1.el9.s390x.rpm SHA-256: 2d6b442e53f555450888fff9ef791505764c6408b408540074b76eaac31add98
mod_auth_openidc-debugsource-2.4.10-1.el9.s390x.rpm SHA-256: a063a1dcdefde32c86515311106421c3035fea9af253af8c2e737b4d643b5a81

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
s390x
mod_auth_openidc-2.4.10-1.el9.s390x.rpm SHA-256: 21f8a4ee75636fe2301ac0099fdeac83d5459407de2cf4de4119a0a46ccb413f
mod_auth_openidc-debuginfo-2.4.10-1.el9.s390x.rpm SHA-256: 2d6b442e53f555450888fff9ef791505764c6408b408540074b76eaac31add98
mod_auth_openidc-debugsource-2.4.10-1.el9.s390x.rpm SHA-256: a063a1dcdefde32c86515311106421c3035fea9af253af8c2e737b4d643b5a81

Red Hat Enterprise Linux for Power, little endian 9

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
ppc64le
mod_auth_openidc-2.4.10-1.el9.ppc64le.rpm SHA-256: 8f58ba20193488286df45bb52cd629ec1fecbeaac03fde3ee59c2d4e4fce94a4
mod_auth_openidc-debuginfo-2.4.10-1.el9.ppc64le.rpm SHA-256: 09b7662486f39e7b1ac44c29d161bb66e457c02e7e36c9114e329749dfc04a6e
mod_auth_openidc-debugsource-2.4.10-1.el9.ppc64le.rpm SHA-256: 0a6e076ded1a9f3a1e502ed60e4ebcf4556d4cff8e81f4ec3f530d047a476701

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
ppc64le
mod_auth_openidc-2.4.10-1.el9.ppc64le.rpm SHA-256: 8f58ba20193488286df45bb52cd629ec1fecbeaac03fde3ee59c2d4e4fce94a4
mod_auth_openidc-debuginfo-2.4.10-1.el9.ppc64le.rpm SHA-256: 09b7662486f39e7b1ac44c29d161bb66e457c02e7e36c9114e329749dfc04a6e
mod_auth_openidc-debugsource-2.4.10-1.el9.ppc64le.rpm SHA-256: 0a6e076ded1a9f3a1e502ed60e4ebcf4556d4cff8e81f4ec3f530d047a476701

Red Hat Enterprise Linux for ARM 64 9

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
aarch64
mod_auth_openidc-2.4.10-1.el9.aarch64.rpm SHA-256: 5483a7119ac72c8c94c49e2f86594cf3945755ba77096dfd00ae46c7bac9a176
mod_auth_openidc-debuginfo-2.4.10-1.el9.aarch64.rpm SHA-256: 36c7025fd343586699d6b4e71a338882057f34919eab49857661d00c2e9cbf0a
mod_auth_openidc-debugsource-2.4.10-1.el9.aarch64.rpm SHA-256: f556d7d562b3ff2283adabc3d61b7cf8d35bb35f4ac6b490dba0fff7860c020f

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
aarch64
mod_auth_openidc-2.4.10-1.el9.aarch64.rpm SHA-256: 5483a7119ac72c8c94c49e2f86594cf3945755ba77096dfd00ae46c7bac9a176
mod_auth_openidc-debuginfo-2.4.10-1.el9.aarch64.rpm SHA-256: 36c7025fd343586699d6b4e71a338882057f34919eab49857661d00c2e9cbf0a
mod_auth_openidc-debugsource-2.4.10-1.el9.aarch64.rpm SHA-256: f556d7d562b3ff2283adabc3d61b7cf8d35bb35f4ac6b490dba0fff7860c020f

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
ppc64le
mod_auth_openidc-2.4.10-1.el9.ppc64le.rpm SHA-256: 8f58ba20193488286df45bb52cd629ec1fecbeaac03fde3ee59c2d4e4fce94a4
mod_auth_openidc-debuginfo-2.4.10-1.el9.ppc64le.rpm SHA-256: 09b7662486f39e7b1ac44c29d161bb66e457c02e7e36c9114e329749dfc04a6e
mod_auth_openidc-debugsource-2.4.10-1.el9.ppc64le.rpm SHA-256: 0a6e076ded1a9f3a1e502ed60e4ebcf4556d4cff8e81f4ec3f530d047a476701

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
x86_64
mod_auth_openidc-2.4.10-1.el9.x86_64.rpm SHA-256: c2dfb424c866eb347a37b7458724d15376705929d031d52d81bbee174aa73eda
mod_auth_openidc-debuginfo-2.4.10-1.el9.x86_64.rpm SHA-256: 120d1c38b0e6b2df8574b4d071416b30bceefc7304caddf2d8ee01c70f9d1663
mod_auth_openidc-debugsource-2.4.10-1.el9.x86_64.rpm SHA-256: c36062e9e34f4ca8f83e3478c9c44c89ed425ab7e33ca1f9315907af4902b4b4

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
aarch64
mod_auth_openidc-2.4.10-1.el9.aarch64.rpm SHA-256: 5483a7119ac72c8c94c49e2f86594cf3945755ba77096dfd00ae46c7bac9a176
mod_auth_openidc-debuginfo-2.4.10-1.el9.aarch64.rpm SHA-256: 36c7025fd343586699d6b4e71a338882057f34919eab49857661d00c2e9cbf0a
mod_auth_openidc-debugsource-2.4.10-1.el9.aarch64.rpm SHA-256: f556d7d562b3ff2283adabc3d61b7cf8d35bb35f4ac6b490dba0fff7860c020f

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9.src.rpm SHA-256: 12b6771e7a3411f5b5f79ac44b46c61ae57fd2d3c5db9cf5dc82b100dfaec53e
s390x
mod_auth_openidc-2.4.10-1.el9.s390x.rpm SHA-256: 21f8a4ee75636fe2301ac0099fdeac83d5459407de2cf4de4119a0a46ccb413f
mod_auth_openidc-debuginfo-2.4.10-1.el9.s390x.rpm SHA-256: 2d6b442e53f555450888fff9ef791505764c6408b408540074b76eaac31add98
mod_auth_openidc-debugsource-2.4.10-1.el9.s390x.rpm SHA-256: a063a1dcdefde32c86515311106421c3035fea9af253af8c2e737b4d643b5a81

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.