-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u2 CVE ID : CVE-2019-14857 Debian Bug : 942165
A security vulnerability was found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. Insufficient validation of URLs leads to an Open Redirect vulnerability. An attacker may trick a victim into providing credentials for an OpenID provider by forwarding the request to an illegitimate website. For Debian 8 "Jessie", this problem has been fixed in version 1.6.0-1+deb8u2. We recommend that you upgrade your libapache2-mod-auth-openidc packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3St1VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQpVhAAgrgDGlRsAT41bizUIXnTw5q827sPRy1ed+gCwxBFFj9L/IEUmsTNPREr 5B30a1tisys7qiyV7zOocKTiI53IzMIGqNZSLj/eO+i8u8FlCXGWFbQjoJ3IGD1J lBmxxHTX6JuZRoZpN2ZI0Xu9yV5Mg3BZv0EwK6UR+obBZ/Bk0ge9leKj4ddSj9+9 S5CIZTFu4Y2NAfK2WwmGVZWyPXiClXyW0tmnEHl/yNzmWqw8rA2DOejsQ1XdqLiw 2wzz5l5PSzRozxLfW4ktgJorXpWLfryP31u8MglqwcZNHsMrlxqgHS4is+6hEgST 7uvFbgJD9OpTBpF/GvxTAqUpH0ewERcz/g9ENs6yHYTohkH9rjoQEHR6p4sjy8Id nAnvXG1q69IK7/nelgZso6Xp68uuN2MjLM0RD55IJ7B5cygB2+CU55/uCS+LNnNI mPQ9otTi0hgeja4V/M1S/9JPQWk/DHLX753Zx+/0L6B0pivDhhc3iq6pFrLEb7oy lHiU1I/Wjxnm5Nr4ec0wgz2AtkLrsTpFaiaaifAH5g4rP9g0NgC3dWLPwd4wXIur lT1mEJyVeso9xWKTX4Fm/wUj9/sNiHzNcQ7Y903ihMnlEFdSdtYjvwH53+1CNi/J v2WwjHn3ZcPzRI9YLoSgmqIMRuff+awixMvR38kNd6G7vzDLj7I= =hh/m -----END PGP SIGNATURE-----
