SUSE-SU-2022:1524-1

UNKNOWN

Security update for apache2-mod_auth_mellon

Published May 4, 2022

Modified 3 years ago

Fix available

Details

This update for apache2-mod_auth_mellon fixes the following issues:

CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs (bsc#1188926)

Affected Packages

apache2-mod_auth_mellon

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

0.17.0-150200.5.7.1

apache2-mod_auth_mellon-diagnostics

SUSE Linux Enterprise Module for Server Applications 15 SP3openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

0.17.0-150200.5.7.1

apache2-mod_auth_mellon-doc

SUSE Linux Enterprise Module for Server Applications 15 SP3openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

0.17.0-150200.5.7.1

References

REPORT

https://bugzilla.suse.com/1188926

WEB

https://www.suse.com/security/cve/CVE-2021-3639

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20221524-1/

Upstream

CVE-2021-3639

Ecosystems(13)

SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Real Time 15 SP2

Timeline

PublishedMay 4, 2022

ModifiedMay 4, 2022