File _patchinfo of Package patchinfo.20617

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.20617

<patchinfo incident="20617">
  <issue tracker="cve" id="2021-32785"/>
  <issue tracker="cve" id="2021-32786"/>
  <issue tracker="cve" id="2021-32791"/>
  <issue tracker="cve" id="2021-39191"/>
  <issue tracker="cve" id="2021-32792"/>
  <issue tracker="bnc" id="1188639">VUL-0: CVE-2021-32786: apache2-mod_auth_openidc: open redirect in logout functionality</issue>
  <issue tracker="bnc" id="1188638">VUL-1: CVE-2021-32785: apache2-mod_auth_openidc: format string bug via hiredis</issue>
  <issue tracker="bnc" id="1188849">VUL-0: CVE-2021-32791: apache2-mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption</issue>
  <issue tracker="bnc" id="1188848">VUL-1: CVE-2021-32792: apache2-mod_auth_openidc: XSS when using OIDCPreservePost On</issue>
  <issue tracker="bnc" id="1190223"/>
  <packager>dspinella</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for apache2-mod_auth_openidc</summary>
  <description>This update for apache2-mod_auth_openidc fixes the following issues:

- CVE-2021-32785: format string bug via hiredis (bsc#1188638)
- CVE-2021-32786: open redirect in logout functionality (bsc#1188639)
- CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849)
- CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)
- CVE-2021-39191: open redirect issue in target_link_uri parameter (bsc#1190223)
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.20617

Places