Amazon Linux 1 Security Advisory: ALAS-2023-1765
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-08 23:39 Pacific
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this vulnerability is to confidentiality and integrity. (CVE-2021-3639)
Affected Packages:
mod24_auth_mellon
Issue Correction:
Run yum update mod24_auth_mellon to update your system.
i686:
mod24_auth_mellon-diagnostics-0.14.0-2.10.amzn1.i686
mod24_auth_mellon-0.14.0-2.10.amzn1.i686
mod24_auth_mellon-debuginfo-0.14.0-2.10.amzn1.i686
src:
mod24_auth_mellon-0.14.0-2.10.amzn1.src
x86_64:
mod24_auth_mellon-diagnostics-0.14.0-2.10.amzn1.x86_64
mod24_auth_mellon-debuginfo-0.14.0-2.10.amzn1.x86_64
mod24_auth_mellon-0.14.0-2.10.amzn1.x86_64
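
To review whether the logout redirect described in this advisory (CVE-2021-3639) was exercised before the update was applied, the following added example (not part of the advisory or of mod_auth_mellon) scans Apache access-log lines for logout requests whose return target is neither a local path nor a trusted host. It assumes the logout endpoint is /mellon/logout with the target in a ReturnTo query parameter, a trusted host of app.example.com, and constructed sample log lines.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions (not from the advisory): endpoint path and trusted host set.
LOGOUT_PATH = "/mellon/logout"
TRUSTED_HOSTS = {"app.example.com"}

# Constructed access-log lines (combined log format), for illustration only.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jun/2023:10:01:02 +0000] "GET /mellon/logout?ReturnTo=%2Fgoodbye.html HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.8 - - [06/Jun/2023:10:02:10 +0000] "GET /mellon/logout?ReturnTo=https%3A%2F%2Fapp.example.com%2F HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.4 - - [06/Jun/2023:10:03:44 +0000] "GET /mellon/logout?ReturnTo=https%3A%2F%2Flogin.example.net%2Fsso HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.9 - - [06/Jun/2023:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_expected_target(target):
    """Allow-list: a local path with a single leading '/', or a trusted host."""
    if re.match(r"/(?![/\\])", target):
        return True
    try:
        parts = urlsplit(target)
    except ValueError:
        return False  # unparseable targets are treated as unexpected
    return parts.scheme in ("http", "https") and parts.hostname in TRUSTED_HOSTS

def suspicious_logouts(log_text):
    """Return (client_ip, ReturnTo) for logout requests with an unexpected target."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, uri = m.groups()
        try:
            parts = urlsplit(uri)
        except ValueError:
            continue
        if parts.path != LOGOUT_PATH:
            continue
        # parse_qs percent-decodes the value before it is classified.
        for target in parse_qs(parts.query).get("ReturnTo", []):
            if not is_expected_target(target):
                findings.append((client, target))
    return findings

if __name__ == "__main__":
    for client, target in suspicious_logouts(SAMPLE_LOG):
        print(f"review: {client} -> {target}")
```

Adjust LOGOUT_PATH and TRUSTED_HOSTS to match the deployment before running this over real logs; hits are leads for review, not proof of a successful redirect.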