Oval Definition:	oval:org.opensuse.security:def:202328625
Revision Date: 2023-06-22 Version: 1 Title: CVE-2023-28625 Description: mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2023-28625 SUSE CVE-2023-28625 SUSE-SU-2023:1837-1 SUSE-SU-2023:1849-1 Platform(s): SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15 SP5 is installed OR SUSE Linux Enterprise Module for Server Applications 15 SP5 is installed OR SUSE Linux Enterprise Server 15 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed AND apache2-mod_auth_openidc is affected
BACK