[ol9_appstream] mod_auth_openidc-2.4.9.4-1.el9.x86_64

Name:	mod_auth_openidc
Version:	2.4.9.4
Release:	1.el9
Architecture:	x86_64
Group:	Unspecified
Size:	596483
License:	ASL 2.0
RPM:	mod_auth_openidc-2.4.9.4-1.el9.x86_64.rpm
Source RPM:	mod_auth_openidc-2.4.9.4-1.el9.src.rpm
Build Date:	Thu May 05 2022
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/zmartzone/mod_auth_openidc
Summary:	OpenID Connect auth module for Apache HTTP Server
Description:	This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Changelog (Show File list) (Show related packages)

Tue Nov 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1

- Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect
                           by supplying a crafted URL in the target_link_uri
                           parameter

Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.9.1-1

- Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using
                           OIDCPreservePost On [rhel-9.0]
- Resolves: rhbz#1987217 - CVE-2021-32791 mod_auth_openidc: hardcoded
                           static IV and AAD with a reused key in AES GCM
                           encryption [rhel-9.0]
- Resolves: rhbz#1987204 - CVE-2021-32786 mod_auth_openidc: open redirect in
                           oidc_validate_redirect_url() [rhel-9.0]