Description:
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
* mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes (CVE-2019-14857)
* mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash (CVE-2019-20479)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Module stream mod_auth_openidc:2.3 does not have correct module.md file (BZ#1844107)
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
cjose-devel-0.6.1-2.module_el8.6.0+2868+44838709.aarch64.rpm |
2461cb7f95c6935b655d0941e4ced158d778f40d2e04c1393002b6f489cd5b4c |
| aarch64 |
cjose-0.6.1-2.module_el8.6.0+2868+44838709.aarch64.rpm |
9b45898281812647cf6f74810e7482902428b27da6aa67a8c18643b93066fd18 |
| ppc64le |
cjose-0.6.1-2.module_el8.6.0+2868+44838709.ppc64le.rpm |
50f9f0edf053f773e0afd8aaa44a95335d0b46cd887cfaba84036c926a7f9e6f |
| ppc64le |
cjose-devel-0.6.1-2.module_el8.6.0+2868+44838709.ppc64le.rpm |
83b16fcde70e30fb06e00e472b418dbc8d18ffbb2d31e590d1193adf7e18ff23 |
| x86_64 |
cjose-0.6.1-2.module_el8.6.0+2868+44838709.x86_64.rpm |
455d8b76e53798d4f7bffc9a2ac9b1431087d6e9e45c11bcabdca784053809c9 |
| x86_64 |
cjose-devel-0.6.1-2.module_el8.6.0+2868+44838709.x86_64.rpm |
6d5860007d189cf452f0cd7f520154480c2e65ac40ca5333636efb2c68135bea |
