ELSA-2020-3970 - mod_auth_openidc security update
| Type: | SECURITY |
| Severity: | LOW |
| Release Date: | 2020-10-06 |
Description
[1.8.8-7]
- Fix a regression in the previous patches
- Related: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
issue exists in URLs with slash and backslash [rhel-7]
[1.8.8-6]
- Resolves: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
issue exists in URLs with slash and backslash [rhel-7]
- Resolves: rhbz#1805067 - CVE-2019-14857 mod_auth_openidc: Open redirect
in logout url when using URLs with leading slashes
[rhel-7]
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 7 (aarch64) | mod_auth_openidc-1.8.8-7.el7.src.rpm | 7603a7498236ddd1aa55aa2fc851db2f | ELBA-2020-5035 |
| mod_auth_openidc-1.8.8-7.el7.aarch64.rpm | 83e2a342f9d0d8f045adccaecbbae8b6 | ELBA-2020-5035 |
|
| Oracle Linux 7 (x86_64) | mod_auth_openidc-1.8.8-7.el7.src.rpm | 7603a7498236ddd1aa55aa2fc851db2f | ELBA-2020-5035 |
| mod_auth_openidc-1.8.8-7.el7.x86_64.rpm | 22ba783f8f646db6625ec85042b50e04 | ELBA-2020-5035 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
