SUSE-SU-2021:2912-1

Опубликовано: 02 сент. 2021

Источник: suse-cvrf

Описание

Security update for apache2-mod_auth_mellon

This update for apache2-mod_auth_mellon fixes the following issues:

CVE-2021-3639: Fixed Open Redirect vulnerability in logout URLs (bsc#1188926).

Список пакетов

SUSE Linux Enterprise Server 12 SP5

apache2-mod_auth_mellon-0.16.0-8.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

apache2-mod_auth_mellon-0.16.0-8.6.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20212912-1/
Link for SUSE-SU-2021:2912-1
https://lists.suse.com/pipermail/sle-security-updates/2021-September/009379.html
E-Mail link for SUSE-SU-2021:2912-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1188926
SUSE Bug 1188926
https://www.suse.com/security/cve/CVE-2021-3639/
SUSE CVE CVE-2021-3639 page

Описание

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:apache2-mod_auth_mellon-0.16.0-8.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache2-mod_auth_mellon-0.16.0-8.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3639.html
CVE-2021-3639
https://bugzilla.suse.com/1188926
SUSE Bug 1188926

SUSE-SU-2021:2912-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2021-3639

Описание

Затронутые продукты

Ссылки