Lucene search
SuseOPENSUSE-SU-2021:1277-1HistorySep 16, 2021 - 12:00 a.m.
Security update for apache2-mod_auth_openidc (moderate)
2021-09-1600:00:00
lists.opensuse.org
25
0.005 Low
EPSS
Percentile
77.1%
An update that fixes four vulnerabilities is now available.
Description:
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2021-32785: format string bug via hiredis (bsc#1188638)
- CVE-2021-32786: open redirect in logout functionality (bsc#1188639)
- CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM
encryption (bsc#1188849) - CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1277=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.2 | x86_64 | < - openSUSE Leap 15.2 (x86_64): | - openSUSE Leap 15.2 (x86_64):.x86_64.rpm |
Related
nessus
nessus
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:3020-1)
2021-09-23 00:00:00
Mageia: Security Advisory (MGASA-2021-0452)
2022-01-28 00:00:00
suse
suse
Security update for apache2-mod_auth_openidc (moderate)
2021-09-13 00:00:00
mageia
mageia
Updated apache-mod_auth_openidc packages fix security vulnerability
2021-10-02 21:57:04
fedora
fedora
[SECURITY] Fedora 33 Update: mod_auth_openidc-2.4.9-1.fc33
2021-08-08 01:08:40
[SECURITY] Fedora 34 Update: mod_auth_openidc-2.4.9-1.fc34
2021-08-08 01:05:24
f5
f5
debian
debian
[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update
2023-04-30 21:14:15
oraclelinux
oraclelinux
mod_auth_openidc:2.3 security update
2022-05-17 00:00:00
osv
osv
Moderate: mod_auth_openidc:2.3 security update
2022-05-10 06:30:32
Moderate: mod_auth_openidc:2.3 security update
2022-05-10 06:30:32
libapache2-mod-auth-openidc - security update
2023-04-30 00:00:00
rocky
rocky
mod_auth_openidc:2.3 security update
2022-05-10 06:30:32
almalinux
almalinux
Moderate: mod_auth_openidc:2.3 security update
2022-05-10 06:30:32
redhat
redhat
(RHSA-2022:1823) Moderate: mod_auth_openidc:2.3 security update
2022-05-10 06:30:32
cvelist
cvelist
CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc
2021-07-26 00:00:00
CVE-2021-32785 Format string bug in the Redis cache implementation
2021-07-22 00:00:00
CVE-2021-32786 Open Redirect in oidc_validate_redirect_url()
2021-07-22 00:00:00
ubuntucve
ubuntucve
prion
prion
Authentication flaw
2021-07-26 17:15:00
Open redirect
2021-07-22 22:15:00
Format string
2021-07-22 22:15:00
debiancve
debiancve
nvd
nvd
cve
cve
cbl_mariner
cbl_mariner
CVE-2021-32785 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
CVE-2021-32786 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
CVE-2021-32791 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
veracode
veracode
Insecure Cryptographic Function
2021-08-06 08:24:48
Denial Of Service
2021-08-06 08:24:43
Privilege Escalation
2021-08-06 08:24:43
redhatcve
redhatcve
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00