ALAS-2023-1765


Amazon Linux 1 Security Advisory: ALAS-2023-1765
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-08 23:39 Pacific
Severity: Medium

Issue Overview:

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. An attacker could use this issue to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this vulnerability is to confidentiality and integrity. (CVE-2021-3639)


Affected Packages:

mod24_auth_mellon


Issue Correction:
Run yum update mod24_auth_mellon to update your system.

New Packages:
i686:
    mod24_auth_mellon-diagnostics-0.14.0-2.10.amzn1.i686
    mod24_auth_mellon-0.14.0-2.10.amzn1.i686
    mod24_auth_mellon-debuginfo-0.14.0-2.10.amzn1.i686

src:
    mod24_auth_mellon-0.14.0-2.10.amzn1.src

x86_64:
    mod24_auth_mellon-diagnostics-0.14.0-2.10.amzn1.x86_64
    mod24_auth_mellon-debuginfo-0.14.0-2.10.amzn1.x86_64
    mod24_auth_mellon-0.14.0-2.10.amzn1.x86_64
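
Added example (not part of the original advisory): a way to check collected package inventories against the fixed build listed above. It assumes input lines in the default rpm -qa form name-version-release.arch with no epoch; the helper names and the two older version strings in the sample are constructed for illustration.

```python
import re

# Fixed build from the advisory's "New Packages" list (same for all subpackages).
FIXED_VERSION, FIXED_RELEASE = "0.14.0", "2.10.amzn1"
PACKAGES = {"mod24_auth_mellon", "mod24_auth_mellon-diagnostics",
            "mod24_auth_mellon-debuginfo"}

def rpmvercmp(a, b):
    """Simplified RPM ordering: compare digit/letter segments pairwise.
    Assumption: no '~' or '^' markers, which these package versions do not use."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)                # 10 > 9, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def parse_nvra(nvra):
    """Split name-version-release.arch, the default `rpm -qa` line (no epoch)."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def audit(lines):
    """Map each affected package line to True if it is older than the fixed build."""
    result = {}
    for line in (l.strip() for l in lines):
        if not line or line.count("-") < 2 or "." not in line:
            continue
        name, version, release, _ = parse_nvra(line)
        if name in PACKAGES:
            order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
            result[line] = order < 0
    return result

# Constructed sample input; the two older builds are made-up version strings.
SAMPLE = """\
mod24_auth_mellon-0.14.0-2.10.amzn1.x86_64
mod24_auth_mellon-0.14.0-2.9.amzn1.x86_64
mod24_auth_mellon-diagnostics-0.13.1-1.5.amzn1.i686
httpd24-2.4.57-1.85.amzn1.x86_64
""".splitlines()

if __name__ == "__main__":
    for pkg, stale in audit(SAMPLE).items():
        print(("UPDATE NEEDED  " if stale else "ok             ") + pkg)
```

The release comparison is segment-wise on purpose: a plain string compare would rank 2.9.amzn1 above 2.10.amzn1 and report an unpatched host as fixed.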