LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis: Moderate: mod_auth_openidc security update
Advisory ID:       SLSA-2019:2112-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2017-6413
                   CVE-2017-6059
--

Security Fix(es):

* mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an
"AuthType oauth20" configuration (CVE-2017-6413)

* mod_auth_openidc: Shows user-supplied content on error pages
(CVE-2017-6059)
--

SL7
  x86_64
    mod_auth_openidc-1.8.8-5.el7.x86_64.rpm
    mod_auth_openidc-debuginfo-1.8.8-5.el7.x86_64.rpm

- Scientific Linux Development Team