{"id":"MGASA-2021-0452","summary":"Updated apache-mod_auth_openidc packages fix security vulnerability","details":"In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse\nURLs the same way as most browsers do. As a result, this function can be\nbypassed and leads to an Open Redirect vulnerability in the logout\nfunctionality. (CVE-2021-32786)\n\nIn mod_auth_openidc before version 2.4.9, the AES GCM encryption in\nmod_auth_openidc uses a static IV and AAD. It is important to fix because\nthis creates a static nonce and since aes-gcm is a stream cipher, this can\nlead to known cryptographic issues, since the same key is being reused.\n(CVE-2021-32791)\n\nIn mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in\nwhen using `OIDCPreservePost On`. (CVE-2021-32792)\n","modified":"2026-02-04T03:00:08.578141Z","published":"2021-10-02T18:57:04Z","related":["CVE-2021-32785","CVE-2021-32786","CVE-2021-32791","CVE-2021-32792"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0452.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29344"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/"},{"type":"REPORT","url":"https://lists.suse.com/pipermail/sle-security-updates/2021-September/009431.html"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/54B4RYNP5L63X2FMX2QCVYB2LGLL42IY/"}],"affected":[{"package":{"name":"apache-mod_auth_openidc","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/apache-mod_auth_openidc?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.9.4-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0452.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}