(RHSA-2022:1823) Moderate: mod_auth_openidc:2.3 security update

2022-05-1006:30:32

access.redhat.com

0.002 Low

EPSS

Percentile

61.4%

JSON

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

mod_auth_openidc: open redirect in oidc_validate_redirect_url() (CVE-2021-32786)
mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791)
mod_auth_openidc: XSS when using OIDCPreservePost On (CVE-2021-32792)
mod_auth_openidc: open redirect due to target_link_uri parameter not validated (CVE-2021-39191)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64mod_auth_openidc-debugsource< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-debugsource-2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64.rpm
RedHatanyx86_64cjose-debuginfo< 0.6.1-2.module+el8+2454+f890a43acjose-debuginfo-0.6.1-2.module+el8+2454+f890a43a.x86_64.rpm
RedHatanyppc64lecjose-devel< 0.6.1-2.module+el8+2454+f890a43acjose-devel-0.6.1-2.module+el8+2454+f890a43a.ppc64le.rpm
RedHatanyx86_64cjose-devel< 0.6.1-2.module+el8+2454+f890a43acjose-devel-0.6.1-2.module+el8+2454+f890a43a.x86_64.rpm
RedHatanyx86_64mod_auth_openidc< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm
RedHatanyppc64lecjose-debugsource< 0.6.1-2.module+el8+2454+f890a43acjose-debugsource-0.6.1-2.module+el8+2454+f890a43a.ppc64le.rpm
RedHatanyaarch64cjose< 0.6.1-2.module+el8+2454+f890a43acjose-0.6.1-2.module+el8+2454+f890a43a.aarch64.rpm
RedHatanyppc64lemod_auth_openidc-debugsource< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-debugsource-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm
RedHatanyppc64lemod_auth_openidc< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm
RedHatanys390xmod_auth_openidc-debuginfo< 2.3.7-11.module+el8.6.0+14082+b6f23e95mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	aarch64	mod_auth_openidc-debugsource	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-debugsource-2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64.rpm
RedHat	any	x86_64	cjose-debuginfo	< 0.6.1-2.module+el8+2454+f890a43a	cjose-debuginfo-0.6.1-2.module+el8+2454+f890a43a.x86_64.rpm
RedHat	any	ppc64le	cjose-devel	< 0.6.1-2.module+el8+2454+f890a43a	cjose-devel-0.6.1-2.module+el8+2454+f890a43a.ppc64le.rpm
RedHat	any	x86_64	cjose-devel	< 0.6.1-2.module+el8+2454+f890a43a	cjose-devel-0.6.1-2.module+el8+2454+f890a43a.x86_64.rpm
RedHat	any	x86_64	mod_auth_openidc	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm
RedHat	any	ppc64le	cjose-debugsource	< 0.6.1-2.module+el8+2454+f890a43a	cjose-debugsource-0.6.1-2.module+el8+2454+f890a43a.ppc64le.rpm
RedHat	any	aarch64	cjose	< 0.6.1-2.module+el8+2454+f890a43a	cjose-0.6.1-2.module+el8+2454+f890a43a.aarch64.rpm
RedHat	any	ppc64le	mod_auth_openidc-debugsource	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-debugsource-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm
RedHat	any	ppc64le	mod_auth_openidc	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm
RedHat	any	s390x	mod_auth_openidc-debuginfo	< 2.3.7-11.module+el8.6.0+14082+b6f23e95	mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm

Rows per page:

1-10 of 281

(RHSA-2022:1823) Moderate: mod_auth_openidc:2.3 security update

Related