ELSA-2020-3970

ELSA-2020-3970 - mod_auth_openidc security update

Type:	SECURITY
Impact:	LOW
Release Date:	2020-10-06

Description

[1.8.8-7]
- Fix a regression in the previous patches
- Related: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
issue exists in URLs with slash and backslash [rhel-7]

[1.8.8-6]
- Resolves: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
issue exists in URLs with slash and backslash [rhel-7]
- Resolves: rhbz#1805067 - CVE-2019-14857 mod_auth_openidc: Open redirect
in logout url when using URLs with leading slashes
[rhel-7]

Related CVEs

CVE-2019-14857

CVE-2019-20479

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 7 (aarch64)	mod_auth_openidc-1.8.8-7.el7.src.rpm	5318886d0bdf069a6e7f22a439eafe7da889c9812ba1884a8993df1793c192bd	ELBA-2020-5035	ol7_aarch64_latest
	mod_auth_openidc-1.8.8-7.el7.src.rpm	5318886d0bdf069a6e7f22a439eafe7da889c9812ba1884a8993df1793c192bd	ELBA-2020-5035	ol7_aarch64_u9_base
	mod_auth_openidc-1.8.8-7.el7.aarch64.rpm	87977699a6a155b03d764c441a935d9d97b381e403bfd973310f920bccecca6c	ELBA-2020-5035	ol7_aarch64_latest
	mod_auth_openidc-1.8.8-7.el7.aarch64.rpm	87977699a6a155b03d764c441a935d9d97b381e403bfd973310f920bccecca6c	ELBA-2020-5035	ol7_aarch64_u9_base
Oracle Linux 7 (x86_64)	mod_auth_openidc-1.8.8-7.el7.src.rpm	5318886d0bdf069a6e7f22a439eafe7da889c9812ba1884a8993df1793c192bd	ELBA-2020-5035	ol7_x86_64_latest
	mod_auth_openidc-1.8.8-7.el7.src.rpm	5318886d0bdf069a6e7f22a439eafe7da889c9812ba1884a8993df1793c192bd	ELBA-2020-5035	ol7_x86_64_u9_base
	mod_auth_openidc-1.8.8-7.el7.x86_64.rpm	07662f9f8bf2cea68dd8a9b912abb77b1328bf52e24934b3fbbdc5793be134fc	ELBA-2020-5035	ol7_x86_64_latest
	mod_auth_openidc-1.8.8-7.el7.x86_64.rpm	07662f9f8bf2cea68dd8a9b912abb77b1328bf52e24934b3fbbdc5793be134fc	ELBA-2020-5035	ol7_x86_64_u9_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team