SUSE-SU-2021:3352-1 -- SLES apache2-mod_auth_openidc| ID: oval:org.secpod.oval:def:89045705 | Date: (C)2021-10-25 (M)2024-02-06 |
| Class: PATCH | Family: unix |
This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis - CVE-2021-32786: open redirect in logout functionality - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption - CVE-2021-32792: XSS when using OIDCPreservePost On - CVE-2021-39191: open redirect issue in target_link_uri parameter
| Platform: |
| SUSE Linux Enterprise Server 12 SP5 |
| Product: |
| apache2-mod_auth_openidc |
