概要
Moderate: mod_auth_openidc:2.3 security and bug fix update
タイプ/重大度
Security Advisory: Moderate
トピック
An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
説明
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
- mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes (CVE-2019-14857)
- mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash (CVE-2019-20479)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Module stream mod_auth_openidc:2.3 does not have correct module.md file (BZ#1844107)
解決法
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
影響を受ける製品
-
Red Hat Enterprise Linux for x86_64 8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
-
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 8 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
-
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
-
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
-
Red Hat Enterprise Linux for ARM 64 8 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
修正
- BZ - 1760613 - CVE-2019-14857 mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes
- BZ - 1805102 - CVE-2019-20479 mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash
- BZ - 1844107 - Module stream mod_auth_openidc:2.3 does not have correct module.md file [rhel-8.2.0.z]
CVE
参考資料