Oval Definition:	oval:org.opensuse.security:def:111063
Revision Date: 2021-09-16 Version: 1 Title: Security update for apache2-mod_auth_openidc (Moderate) Description: This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis (bsc#1188638) - CVE-2021-32786: open redirect in logout functionality (bsc#1188639) - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849) - CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848) This update was imported from the SUSE:SLE-15-SP1:Update update project. Family: unix Class: patch Status: Reference(s): 1188638 1188639 1188848 1188849 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 openSUSE-SU-2021:1277-1 Platform(s): openSUSE Leap 15.2 Product(s): Definition Synopsis openSUSE Leap 15.2 is installed AND apache2-mod_auth_openidc-2.3.8-lp152.5.6.1 is installed
BACK