Synopsis: Low: mod_auth_openidc security update
Advisory ID: SLSA-2020:3970-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-20479
CVE-2019-14857
—
Security Fix(es):
* mod_auth_openidc: Open redirect in logout url when using URLs with
leading slashes (CVE-2019-14857)
* mod_auth_openidc: Open redirect issue exists in URLs with slash and
backslash (CVE-2019-20479)
—
SL7
x86_64
mod_auth_openidc-1.8.8-7.el7.x86_64.rpm
mod_auth_openidc-debuginfo-1.8.8-7.el7.x86_64.rpm
– Scientific Linux Development Team
