CVE-2023-28625 (GCVE-0-2023-28625)
Vulnerability from cvelistv5 – Published: 2023-04-03 13:19 – Updated: 2025-02-13 16:48
Title
mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
Summary
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie is supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.
Severity
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| OpenIDC | mod_auth_openidc | Affected: >= 2.0.0, < 2.4.13.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5405"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBKFC22PDH6UXMSZ23PHTD7736ZC7BB/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:56:43.295806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:57:04.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mod_auth_openidc",
"vendor": "OpenIDC",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.13.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T19:06:16.794Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5405"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBKFC22PDH6UXMSZ23PHTD7736ZC7BB/"
}
],
"source": {
"advisory": "GHSA-f5xw-rvfr-24qr",
"discovery": "UNKNOWN"
},
"title": "mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28625",
"datePublished": "2023-04-03T13:19:40.422Z",
"dateReserved": "2023-03-20T12:19:47.206Z",
"dateUpdated": "2025-02-13T16:48:46.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-28625",
"date": "2026-05-30",
"epss": "0.00113",
"percentile": "0.296"
}
}
}
SUSE-SU-2023:1849-1
Vulnerability from csaf_suse - Published: 2023-04-14 12:21 - Updated: 2023-04-14 12:21
Summary
Security update for apache2-mod_auth_openidc
Severity
Important
Notes
Title of the patch: Security update for apache2-mod_auth_openidc
Description of the patch: This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073).
Patchnames: SUSE-2023-1849,SUSE-SLE-Module-Server-Applications-15-SP4-2023-1849,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1849,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1849,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1849,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1849,SUSE-SLE-Product-RT-15-SP3-2023-1849,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1849,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1849,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1849,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1849,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1849,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1849,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1849,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1849,SUSE-Storage-7-2023-1849,SUSE-Storage-7.1-2023-1849,openSUSE-SLE-15.4-2023-1849
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Proxy 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_auth_openidc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2-mod_auth_openidc fixes the following issues:\n\n- CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-1849,SUSE-SLE-Module-Server-Applications-15-SP4-2023-1849,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1849,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1849,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1849,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1849,SUSE-SLE-Product-RT-15-SP3-2023-1849,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1849,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1849,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1849,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1849,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1849,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1849,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1849,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1849,SUSE-Storage-7-2023-1849,SUSE-Storage-7.1-2023-1849,openSUSE-SLE-15.4-2023-1849",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1849-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:1849-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20231849-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:1849-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-April/028818.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210073",
"url": "https://bugzilla.suse.com/1210073"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28625 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28625/"
}
],
"title": "Security update for apache2-mod_auth_openidc",
"tracking": {
"current_release_date": "2023-04-14T12:21:53Z",
"generator": {
"date": "2023-04-14T12:21:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:1849-1",
"initial_release_date": "2023-04-14T12:21:53Z",
"revision_history": [
{
"date": "2023-04-14T12:21:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"product_id": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.i586",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.i586",
"product_id": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"product_id": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"product_id": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"product_id": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_rt:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28625"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Manager Proxy 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28625",
"url": "https://www.suse.com/security/cve/CVE-2023-28625"
},
{
"category": "external",
"summary": "SUSE Bug 1210073 for CVE-2023-28625",
"url": "https://bugzilla.suse.com/1210073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Manager Proxy 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Enterprise Storage 7:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Manager Proxy 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"SUSE Manager Server 4.2:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.aarch64",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.ppc64le",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.s390x",
"openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-04-14T12:21:53Z",
"details": "important"
}
],
"title": "CVE-2023-28625"
}
]
}
SUSE-SU-2025:4532-1
Vulnerability from csaf_suse - Published: 2025-12-29 13:53 - Updated: 2025-12-29 13:53
Summary
Security update for apache2-mod_auth_openidc
Severity
Important
Notes
Title of the patch: Security update for apache2-mod_auth_openidc
Description of the patch: This update for apache2-mod_auth_openidc fixes the following issues:
- Update to 2.4.17.1 (bsc#1248806 / PED-14130).
- Remove many patches, as they've been merged upstream.
Patchnames: SUSE-2025-4532,SUSE-SLE-Module-Server-Applications-15-SP6-2025-4532,SUSE-SLE-Module-Server-Applications-15-SP7-2025-4532,openSUSE-SLE-15.6-2025-4532
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
4.7 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
low
4.7 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_auth_openidc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2-mod_auth_openidc fixes the following issues:\n\n- Update to 2.4.17.1 (bsc#1248806 / PED-14130).\n- Remove many patches, as they\u0027ve been merged upstream.\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4532,SUSE-SLE-Module-Server-Applications-15-SP6-2025-4532,SUSE-SLE-Module-Server-Applications-15-SP7-2025-4532,openSUSE-SLE-15.6-2025-4532",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4532-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4532-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254532-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4532-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023659.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248806",
"url": "https://bugzilla.suse.com/1248806"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14857 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20479 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32785 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32786 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32791 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32792 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23527 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28625 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24814 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31492 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3891/"
}
],
"title": "Security update for apache2-mod_auth_openidc",
"tracking": {
"current_release_date": "2025-12-29T13:53:59Z",
"generator": {
"date": "2025-12-29T13:53:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4532-1",
"initial_release_date": "2025-12-29T13:53:59Z",
"revision_history": [
{
"date": "2025-12-29T13:53:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"product": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"product_id": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.i586",
"product": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.i586",
"product_id": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"product": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"product_id": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"product": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"product_id": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"product": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"product_id": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14857"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14857",
"url": "https://www.suse.com/security/cve/CVE-2019-14857"
},
{
"category": "external",
"summary": "SUSE Bug 1153666 for CVE-2019-14857",
"url": "https://bugzilla.suse.com/1153666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "important"
}
],
"title": "CVE-2019-14857"
},
{
"cve": "CVE-2019-20479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20479"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20479",
"url": "https://www.suse.com/security/cve/CVE-2019-20479"
},
{
"category": "external",
"summary": "SUSE Bug 1164459 for CVE-2019-20479",
"url": "https://bugzilla.suse.com/1164459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-20479"
},
{
"cve": "CVE-2021-32785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32785"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32785",
"url": "https://www.suse.com/security/cve/CVE-2021-32785"
},
{
"category": "external",
"summary": "SUSE Bug 1188638 for CVE-2021-32785",
"url": "https://bugzilla.suse.com/1188638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-32785"
},
{
"cve": "CVE-2021-32786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32786"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32786",
"url": "https://www.suse.com/security/cve/CVE-2021-32786"
},
{
"category": "external",
"summary": "SUSE Bug 1188639 for CVE-2021-32786",
"url": "https://bugzilla.suse.com/1188639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-32786"
},
{
"cve": "CVE-2021-32791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32791"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32791",
"url": "https://www.suse.com/security/cve/CVE-2021-32791"
},
{
"category": "external",
"summary": "SUSE Bug 1188849 for CVE-2021-32791",
"url": "https://bugzilla.suse.com/1188849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-32791"
},
{
"cve": "CVE-2021-32792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32792"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability when using `OIDCPreservePost On`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32792",
"url": "https://www.suse.com/security/cve/CVE-2021-32792"
},
{
"category": "external",
"summary": "SUSE Bug 1188848 for CVE-2021-32792",
"url": "https://bugzilla.suse.com/1188848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "low"
}
],
"title": "CVE-2021-32792"
},
{
"cve": "CVE-2021-39191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39191"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39191",
"url": "https://www.suse.com/security/cve/CVE-2021-39191"
},
{
"category": "external",
"summary": "SUSE Bug 1190223 for CVE-2021-39191",
"url": "https://bugzilla.suse.com/1190223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-39191"
},
{
"cve": "CVE-2022-23527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23527"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an OpenID Certified(tm) authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23527",
"url": "https://www.suse.com/security/cve/CVE-2022-23527"
},
{
"category": "external",
"summary": "SUSE Bug 1206441 for CVE-2022-23527",
"url": "https://bugzilla.suse.com/1206441"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-23527"
},
{
"cve": "CVE-2023-28625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28625"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28625",
"url": "https://www.suse.com/security/cve/CVE-2023-28625"
},
{
"category": "external",
"summary": "SUSE Bug 1210073 for CVE-2023-28625",
"url": "https://bugzilla.suse.com/1210073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "important"
}
],
"title": "CVE-2023-28625"
},
{
"cve": "CVE-2024-24814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24814"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an OpenID Certified(tm) authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24814",
"url": "https://www.suse.com/security/cve/CVE-2024-24814"
},
{
"category": "external",
"summary": "SUSE Bug 1219911 for CVE-2024-24814",
"url": "https://bugzilla.suse.com/1219911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "important"
}
],
"title": "CVE-2024-24814"
},
{
"cve": "CVE-2025-31492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31492"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn\u0027t be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn\u0027t check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions \u003e= 2.4.16.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31492",
"url": "https://www.suse.com/security/cve/CVE-2025-31492"
},
{
"category": "external",
"summary": "SUSE Bug 1240893 for CVE-2025-31492",
"url": "https://bugzilla.suse.com/1240893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "important"
}
],
"title": "CVE-2025-31492"
},
{
"cve": "CVE-2025-3891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3891"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3891",
"url": "https://www.suse.com/security/cve/CVE-2025-3891"
},
{
"category": "external",
"summary": "SUSE Bug 1242015 for CVE-2025-3891",
"url": "https://bugzilla.suse.com/1242015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.aarch64",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.ppc64le",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.s390x",
"openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-29T13:53:59Z",
"details": "important"
}
],
"title": "CVE-2025-3891"
}
]
}
WID-SEC-W-2023-2853
Vulnerability from csaf_certbund - Published: 2023-11-07 23:00 - Updated: 2026-01-04 23:00
Summary
Red Hat Enterprise Linux: Multiple vulnerabilities
Severity
High
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with that content.
Product description: Red Hat Enterprise Linux (RHEL) is a popular Linux distribution.
Attack: An attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux to cause a denial-of-service condition, bypass security measures, escalate privileges, disclose confidential information, or execute arbitrary code.
Affected operating systems: Linux
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux 9 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:9 | 9 | |
| Red Hat Enterprise Linux 8 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:8 | 8 | |
| Meinberg LANTIME <7.08.007 (Meinberg / LANTIME) | | <7.08.007 | |
| Red Hat OpenShift Data Foundation <4.12.10 (Red Hat / OpenShift) | | Data Foundation <4.12.10 | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Gentoo Linux (Gentoo) | cpe:/o:gentoo:linux:- | — | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| Amazon Linux 2 (Amazon) | cpe:/o:amazon:linux_2:- | — | |
| Red Hat Enterprise Linux 7 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:7 | 7 | |
| Open Source CentOS (Open Source) | cpe:/o:centos:centos:- | — | |
| IBM Security Verify Access <10.0.9.1 (IBM / Security Verify Access) | | <10.0.9.1 | |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Red Hat OpenShift Data Foundation <4.12.10
Red Hat / OpenShift
|
Data Foundation <4.12.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux 9<br>Red Hat / Enterprise Linux | cpe:/o:redhat:enterprise_linux:9 | 9 | |
| Red Hat Enterprise Linux 8<br>Red Hat / Enterprise Linux | cpe:/o:redhat:enterprise_linux:8 | 8 | |
| Meinberg LANTIME <7.08.007<br>Meinberg / LANTIME | | <7.08.007 | |
| Red Hat OpenShift Data Foundation <4.12.10<br>Red Hat / OpenShift | | Data Foundation <4.12.10 | |
| Red Hat Enterprise Linux<br>Red Hat / Enterprise Linux | cpe:/o:redhat:enterprise_linux:- | — | |
| Gentoo Linux<br>Gentoo | cpe:/o:gentoo:linux:- | — | |
| Oracle Linux<br>Oracle | cpe:/o:oracle:linux:- | — | |
| Debian Linux<br>Debian | cpe:/o:debian:debian_linux:- | — | |
| SUSE Linux<br>SUSE | cpe:/o:suse:suse_linux:- | — | |
| Ubuntu Linux<br>Ubuntu | cpe:/o:canonical:ubuntu_linux:- | — | |
| Amazon Linux 2<br>Amazon | cpe:/o:amazon:linux_2:- | — | |
| Red Hat Enterprise Linux 7<br>Red Hat / Enterprise Linux | cpe:/o:redhat:enterprise_linux:7 | 7 | |
| Open Source CentOS<br>Open Source | cpe:/o:centos:centos:- | — | |
| IBM Security Verify Access <10.0.9.1<br>IBM / Security Verify Access | | <10.0.9.1 | |
References
71 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen oder beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2853 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2853.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2853 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2853"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6343"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6365"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6371"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6385"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6492"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6523"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6549"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6542"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6551"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6566"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6569"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6621"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6631"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6661"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6685"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6705"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6712"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7038 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7038"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7187 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6943 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:6943"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7052 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7052"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6940 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:6940"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7057 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7057"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6944 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:6944"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7010 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7010"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7174 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7174"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7022 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7022"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7166 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7166"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-6712 vom 2023-11-16",
"url": "https://linux.oracle.com/errata/ELSA-2023-6712.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-6940 vom 2023-11-21",
"url": "https://linux.oracle.com/errata/ELSA-2023-6940.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202311-18 vom 2023-11-27",
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2362 vom 2023-12-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2362.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7741 vom 2023-12-12",
"url": "https://access.redhat.com/errata/RHSA-2023:7741"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7820 vom 2023-12-14",
"url": "https://access.redhat.com/errata/RHSA-2023:7820"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0343 vom 2024-01-24",
"url": "https://linux.oracle.com/errata/ELSA-2024-0343.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0343 vom 2024-01-24",
"url": "https://access.redhat.com/errata/RHSA-2024:0343"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0406 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0406"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0422 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0422"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2024:0343 vom 2024-01-26",
"url": "https://lists.centos.org/pipermail/centos-announce/2024-January/099213.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0579 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0579"
},
{
"category": "external",
"summary": "Meinberg Security Advisory",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-01-lantime-firmware-v7-08-007.htm"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1102 vom 2024-03-05",
"url": "https://access.redhat.com/errata/RHSA-2024:1102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1412 vom 2024-03-19",
"url": "https://access.redhat.com/errata/RHSA-2024:1412"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2033 vom 2024-04-25",
"url": "http://linux.oracle.com/errata/ELSA-2024-2033.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2063 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:2063"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2092 vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2092"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2093 vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2093"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2580 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2580"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2994 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2994"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3214 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3214"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2994 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2994.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6796-1 vom 2024-05-29",
"url": "https://ubuntu.com/security/notices/USN-6796-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3812 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3812"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4408 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4408"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4430 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4430"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4739 vom 2024-07-23",
"url": "https://access.redhat.com/errata/RHSA-2024:4739"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-33 vom 2024-08-12",
"url": "https://security.gentoo.org/glsa/202408-33"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-18 vom 2024-09-22",
"url": "https://security.gentoo.org/glsa/202409-18"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10761 vom 2024-12-03",
"url": "https://access.redhat.com/errata/RHSA-2024:10761"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0309 vom 2025-01-14",
"url": "https://access.redhat.com/errata/RHSA-2025:0309"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1013 vom 2025-02-04",
"url": "https://access.redhat.com/errata/RHSA-2025:1013"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7266-1 vom 2025-02-13",
"url": "https://ubuntu.com/security/notices/USN-7266-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0741-1 vom 2025-02-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UWWCXAWW252IRDVZWN2IV6HUZ37SPATI/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4336 vom 2025-10-17",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00017.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4532-1 vom 2025-12-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023659.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4532-1 vom 2025-12-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBKJJQYVUC6MKZNDXGZERGROZTUYLEKW/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7256201 vom 2026-01-05",
"url": "https://www.ibm.com/support/pages/node/7256201"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-04T23:00:00.000+00:00",
"generator": {
"date": "2026-01-05T08:35:41.901+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-2853",
"initial_release_date": "2023-11-07T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-11-07T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-11-14T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-11-27T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2023-12-04T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-13T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2024-01-30T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-25T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-09-22T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-12-03T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-13T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-12T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-12-29T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-04T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "34"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.9.1",
"product": {
"name": "IBM Security Verify Access \u003c10.0.9.1",
"product_id": "T049459"
}
},
{
"category": "product_version",
"name": "10.0.9.1",
"product": {
"name": "IBM Security Verify Access 10.0.9.1",
"product_id": "T049459-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:v10.0.9.1"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.08.007",
"product": {
"name": "Meinberg LANTIME \u003c7.08.007",
"product_id": "T032435"
}
},
{
"category": "product_version",
"name": "7.08.007",
"product": {
"name": "Meinberg LANTIME 7.08.007",
"product_id": "T032435-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:7.08.007"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T030979",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T030980",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T030981",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Foundation \u003c4.12.10",
"product": {
"name": "Red Hat OpenShift Data Foundation \u003c4.12.10",
"product_id": "T031698"
}
},
{
"category": "product_version",
"name": "Data Foundation 4.12.10",
"product": {
"name": "Red Hat OpenShift Data Foundation 4.12.10",
"product_id": "T031698-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation__4.12.10"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32142",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2021-32142"
},
{
"cve": "CVE-2021-43618",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2021-43618"
},
{
"cve": "CVE-2022-23527",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2022-23527"
},
{
"cve": "CVE-2022-40898",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2022-40898"
},
{
"cve": "CVE-2022-48468",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2022-48468"
},
{
"cve": "CVE-2023-1672",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-1672"
},
{
"cve": "CVE-2023-1786",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-1786"
},
{
"cve": "CVE-2023-22745",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-22745"
},
{
"cve": "CVE-2023-26767",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-26767"
},
{
"cve": "CVE-2023-26768",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-26768"
},
{
"cve": "CVE-2023-26769",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-26769"
},
{
"cve": "CVE-2023-28100",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28100"
},
{
"cve": "CVE-2023-28101",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28101"
},
{
"cve": "CVE-2023-28370",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28370"
},
{
"cve": "CVE-2023-28625",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28625"
},
{
"cve": "CVE-2023-29499",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-29499"
},
{
"cve": "CVE-2023-31486",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-31486"
},
{
"cve": "CVE-2023-32611",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-32611"
},
{
"cve": "CVE-2023-32665",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-32665"
},
{
"cve": "CVE-2023-33204",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-33204"
},
{
"cve": "CVE-2023-33460",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-33460"
},
{
"cve": "CVE-2023-38710",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38710"
},
{
"cve": "CVE-2023-38711",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38711"
},
{
"cve": "CVE-2023-38712",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38712"
},
{
"cve": "CVE-2023-4016",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"67646",
"T012167",
"T004914",
"2951",
"T002207",
"T000126",
"398363",
"T030979",
"1727",
"T049459"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-4016"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.