mod_auth_openidc-1.8.8-7.el7
エラータID: AXSA:2020-741:01
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
* mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes (CVE-2019-14857)
* mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash (CVE-2019-20479)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-14857
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
CVE-2019-20479
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
Update packages.
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
N/A
SRPMS
- mod_auth_openidc-1.8.8-7.el7.src.rpm
MD5: db9540021371c22622bc6eee393e2348
SHA-256: 38397c3ccbfba234b03396209cd23c66cf300ae299aae5b4c57fe04396372e9e
Size: 175.99 kB
Asianux Server 7 for x86_64
- mod_auth_openidc-1.8.8-7.el7.x86_64.rpm
MD5: 66ca53970fa199c6d1acfa336a094c1d
SHA-256: 8e3afe9f8280db79bf065539ddcfecb769fca3a214420fc9eb1ee1e91b8e94c4
Size: 123.88 kB