Advisories » MGASA-2020-0129

Updated apache-mod_auth_openidc packages fix security vulnerability

Publication date: 06 Mar 2020
Modification date: 06 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20479

Description

The updated package fixes a security vulnerability:

A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect
issue exists in URLs with a slash and backslash at the beginning. 
(CVE-2019-20479)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26289
• https://www.debian.org/lts/security/2020/dla-2130
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20479

SRPMS

7/core

• apache-mod_auth_openidc-2.3.2-2.2.mga7