mod_auth_openidc:2.3 Security and Bug Fix update
Errata ID: AXSA:2020-809:01
Release date:
Tuesday, October 27, 2020 - 00:29
Subject:
mod_auth_openidc:2.3 Security and Bug Fix update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying
Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
* mod_auth_openidc: Open redirect in logout url when using URLs with leading
slashes (CVE-2019-14857)
* mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash
(CVE-2019-20479)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Bug Fix(es):
* Module stream mod_auth_openidc:2.3 does not have correct module.md file
Modularity name: mod_auth_openidc
Stream name: 2.3
Solution:
Update packages.
CVEs:
CVE-2019-14857
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
CVE-2019-20479
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
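Both issues involve redirect targets that begin with a slash: browsers resolve `//host` and `/\host` as scheme-relative URLs pointing at another host, so a check that only looks for a leading `/` is not enough. The following validation is an added example, not code from mod_auth_openidc or from this advisory; the function name `is_local_redirect_target` and the sample inputs are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not a mod_auth_openidc function).
 * Returns 1 only when `target` is a path on the current site that a
 * browser cannot reinterpret as a URL on another host; 0 otherwise. */
int is_local_redirect_target(const char *target)
{
    const unsigned char *p;

    /* Must be a path: rejects NULL, "", absolute URLs and bare host names. */
    if (target == NULL || target[0] != '/')
        return 0;

    /* "//host" is scheme-relative. Browsers treat '\' like '/', so
     * "/\host" is resolved the same way. */
    if (target[1] == '/' || target[1] == '\\')
        return 0;

    /* URL parsers drop TAB, CR and LF before parsing, so "/<TAB>/host"
     * collapses to "//host"; CR/LF also allow header splitting.
     * Reject every control character. */
    for (p = (const unsigned char *)target; *p != '\0'; p++) {
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs; other.example is a placeholder host. */
    const char *samples[] = {
        "/protected/index.html",
        "//other.example/",
        "/\\other.example/",
        "/\t/other.example/",
        "https://other.example/",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-26s -> %s\n", samples[i],
               is_local_redirect_target(samples[i]) ? "allow" : "reject");
    return 0;
}
```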
Additional Info:
N/A
Download:
SRPMS
- cjose-0.6.1-2.module+el8+134+d42d082a.src.rpm
MD5: ccf4880ff25cadd21e89954dbcc60aad
SHA-256: 2821b9cf48aff150848fc79f8ec3696184c06264a279f58c74af5b9839d16379
Size: 1.52 MB
- mod_auth_openidc-2.3.7-4.module+el8+134+d42d082a.3.src.rpm
MD5: 8199623c05806a41d6d9ffc3fff230a8
SHA-256: 2419043811a4309ff447e44eae597a74d199c380f0a7dad9194e5d889da71ba4
Size: 266.92 kB
Asianux Server 8 for x86_64
- cjose-0.6.1-2.module+el8+134+d42d082a.x86_64.rpm
MD5: a787ebcef649288e3831cbe6e2719bc0
SHA-256: aad42f09fe49bdaed77dbf58712ad7d86d28cb21bf7b1973a091f7b03915d867
Size: 183.06 kB
- cjose-devel-0.6.1-2.module+el8+134+d42d082a.x86_64.rpm
MD5: 5df9e1d2f200ccb0c21fe3eda3224efc
SHA-256: d548076ab5b740e86a4f9b69acd50c0df01b92ae38b2fce79f2f588083260dfd
Size: 17.39 kB
- mod_auth_openidc-2.3.7-4.module+el8+134+d42d082a.3.x86_64.rpm
MD5: 2e304be0c7060349f4cbfebbf67311a1
SHA-256: 48534eac29e52430075a6dcf3dd1ed6b2328fd8dfbdabe3d01cbad0902552434
Size: 173.10 kB