SUSE-SU-2022:1524-1

Published: 04 May 2022
Source: suse-cvrf

Description

Security update for apache2-mod_auth_mellon

This update for apache2-mod_auth_mellon fixes the following issues:

  • CVE-2021-3639: Fixed open redirect vulnerability in logout URLs (bsc#1188926)

Package list

SUSE Enterprise Storage 7
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1
apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1
SUSE Linux Enterprise Real Time 15 SP2
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise Server 15 SP2-BCL
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise Server 15 SP2-LTSS
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Manager Proxy 4.1
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Manager Retail Branch Server 4.1
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Manager Server 4.1
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
openSUSE Leap 15.3
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1
apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1
openSUSE Leap 15.4
apache2-mod_auth_mellon-0.17.0-150200.5.7.1
apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1
apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1

Description

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.


Affected products
SUSE Enterprise Storage 7:apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_mellon-0.17.0-150200.5.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:apache2-mod_auth_mellon-0.17.0-150200.5.7.1

References