Synopsis:          Low: mod_auth_openidc security update
Advisory ID:       SLSA-2020:3970-1
Issue Date:        2020-10-01
CVE Numbers:       CVE-2019-20479
                   CVE-2019-14857
--

Security Fix(es):

* mod_auth_openidc: Open redirect in logout url when using URLs with
leading slashes (CVE-2019-14857)

* mod_auth_openidc: Open redirect issue exists in URLs with slash and
backslash (CVE-2019-20479)
--

SL7
  x86_64
    mod_auth_openidc-1.8.8-7.el7.x86_64.rpm
    mod_auth_openidc-debuginfo-1.8.8-7.el7.x86_64.rpm

- Scientific Linux Development Team