Oval Definition:	oval:org.opensuse.security:def:69143
Revision Date: 2021-09-13 Version: 1 Title: Security update for apache2-mod_auth_openidc (Moderate) Description: This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis (bsc#1188638) - CVE-2021-32786: open redirect in logout functionality (bsc#1188639) - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849) - CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848) Family: unix Class: patch Status: Reference(s): 1149954 1160452 1171252 1171254 1188638 1188639 1188848 1188849 CVE-2019-19921 CVE-2020-12653 CVE-2020-12654 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 SUSE-SU-2020:0944-1 SUSE-SU-2021:3020-1 Platform(s): SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information runc-1.0.0~rc10-1.9 is installed OR runc-test-1.0.0~rc10-1.9 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_15-default-7-2 is installed OR kernel-livepatch-SLE15-SP1_Update_4-7-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP3 is installed AND apache2-mod_auth_openidc-2.3.8-3.15.1 is installed
BACK