Описание
Security update for apache2-mod_auth_openidc
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2019-20479: Fixed an open redirect issue in URLs with slash and backslash (bsc#1164459).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
apache2-mod_auth_openidc-2.4.0-3.11.1
SUSE Linux Enterprise Server 12 SP5
apache2-mod_auth_openidc-2.4.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
apache2-mod_auth_openidc-2.4.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache2-mod_auth_openidc-2.4.0-3.11.1
Ссылки
- Link for SUSE-SU-2020:0706-1
- E-Mail link for SUSE-SU-2020:0706-1
- SUSE Security Ratings
- SUSE Bug 1164459
- SUSE CVE CVE-2019-20479 page
Описание
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:apache2-mod_auth_openidc-2.4.0-3.11.1
SUSE Linux Enterprise Server 12 SP5:apache2-mod_auth_openidc-2.4.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_auth_openidc-2.4.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache2-mod_auth_openidc-2.4.0-3.11.1
Ссылки
- CVE-2019-20479
- SUSE Bug 1164459