Overview Repositories Revisions Requests Users Attributes Meta
Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues:

- CVE-2021-32785: format string bug via hiredis (bsc#1188638)
- CVE-2021-32786: open redirect in logout functionality (bsc#1188639)
- CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849)
- CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Fixed bugs
CVE-2021-32785
CVE-2021-32786
CVE-2021-32791
CVE-2021-32792
bnc#1188639
VUL-0: CVE-2021-32786: apache2-mod_auth_openidc: open redirect in logout functionality
bnc#1188638
VUL-1: CVE-2021-32785: apache2-mod_auth_openidc: format string bug via hiredis
bnc#1188849
VUL-0: CVE-2021-32791: apache2-mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption
bnc#1188848
VUL-1: CVE-2021-32792: apache2-mod_auth_openidc: XSS when using OIDCPreservePost On
Selected Binaries
openSUSE Build Service is sponsored by
Places