QID 240273
Date Published: 2022-05-12
QID 240273: Red Hat Update for mod_auth_openidc:2.3 (RHSA-2022:1823)
the mod_auth_openidc is an openid connect authentication module for apache http server.
It enables an apache http server to operate as an openid connect relying party and/or oauth 2.0 resource server.
- mod_auth_openidc: open redirect in oidc_validate_redirect_url() (cve-2021-32786)
- mod_auth_openidc: hardcoded static iv and aad with a reused key in aes gcm encryption (cve-2021-32791)
- mod_auth_openidc: xss when using oidcpreservepost on (cve-2021-32792)
- mod_auth_openidc: open redirect due to target_link_uri parameter not validated (cve-2021-39191)
Affected Products:
- Red Hat enterprise linux for x86_64 8 x86_64
- Red Hat enterprise linux for ibm z systems 8 s390x
- Red Hat enterprise linux for power, little endian 8 ppc64le
- Red Hat enterprise linux for arm 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:1823 for updates and patch information.
Vendor References
- RHSA-2022:1823 -
access.redhat.com/errata/RHSA-2022:1823
CVEs related to QID 240273
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2022:1823 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2022:1823 |