SUSE-SU-2021:3352-1 -- SLES apache2-mod_auth_openidcID: oval:org.secpod.oval:def:89045705 | Date: (C)2021-10-25 (M)2024-02-06 |
Class: PATCH | Family: unix |
This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis - CVE-2021-32786: open redirect in logout functionality - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption - CVE-2021-32792: XSS when using OIDCPreservePost On - CVE-2021-39191: open redirect issue in target_link_uri parameter
Platform: |
SUSE Linux Enterprise Server 12 SP5 |
Product: |
apache2-mod_auth_openidc |