mod_auth_openidc (SL7)

By Scientific Linux Team on August 26, 2019

Synopsis: Moderate: mod_auth_openidc security update
Advisory ID: SLSA-2019:2112-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2017-6413
CVE-2017-6059

Security Fix(es):

* mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an
“AuthType oauth20” configuration (CVE-2017-6413)

* mod_auth_openidc: Shows user-supplied content on error pages
(CVE-2017-6059)

SL7
x86_64
mod_auth_openidc-1.8.8-5.el7.x86_64.rpm
mod_auth_openidc-debuginfo-1.8.8-5.el7.x86_64.rpm

– Scientific Linux Development Team