SUSE-SU-2021:3352-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis bsc1188638 - CVE-2021-32786: open redirect in logout functionality bsc1188639 - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption bsc1188849 -...

PT-2020-10464 · Apache +5 · Mod Auth Openidc +5

Name of the Vulnerable Software and Affected Versions: mod auth openidc versions prior to 2.4.1 Description: A flaw exists in the handling of URLs with a slash and backslash at the beginning, leading to an open redirect issue. Recommendations: For versions prior to 2.4.1, update to version 2.4.1 ...