mod_auth_openidc-1.8.8-7.el7

エラータID: AXSA:2020-741:01

Release date: 
Thursday, October 15, 2020 - 13:17
Subject: 
mod_auth_openidc-1.8.8-7.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes (CVE-2019-14857)

* mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash (CVE-2019-20479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-14857
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
CVE-2019-20479
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mod_auth_openidc-1.8.8-7.el7.src.rpm
    MD5: db9540021371c22622bc6eee393e2348
    SHA-256: 38397c3ccbfba234b03396209cd23c66cf300ae299aae5b4c57fe04396372e9e
    Size: 175.99 kB

Asianux Server 7 for x86_64
  1. mod_auth_openidc-1.8.8-7.el7.x86_64.rpm
    MD5: 66ca53970fa199c6d1acfa336a094c1d
    SHA-256: 8e3afe9f8280db79bf065539ddcfecb769fca3a214420fc9eb1ee1e91b8e94c4
    Size: 123.88 kB