ALAS-2023-1765


Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1765
Advisory Released Date: 2023-06-08
Advisory Updated Date: 2023-06-08
Severity: Medium

Issue Overview:

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. An attacker could use this issue to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this vulnerability is to confidentiality and integrity. (CVE-2021-3639)


Affected Packages:

mod24_auth_mellon


Issue Correction:
Run yum update mod24_auth_mellon to update your system.

New Packages:
i686:
    mod24_auth_mellon-diagnostics-0.14.0-2.10.amzn1.i686
    mod24_auth_mellon-0.14.0-2.10.amzn1.i686
    mod24_auth_mellon-debuginfo-0.14.0-2.10.amzn1.i686

src:
    mod24_auth_mellon-0.14.0-2.10.amzn1.src

x86_64:
    mod24_auth_mellon-diagnostics-0.14.0-2.10.amzn1.x86_64
    mod24_auth_mellon-debuginfo-0.14.0-2.10.amzn1.x86_64
    mod24_auth_mellon-0.14.0-2.10.amzn1.x86_64
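
To confirm that the update took effect, the script below compares an installed version-release string against the fixed build listed above. It is an added example, not part of the advisory; the function names and the `--host` switch are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example (not from the advisory): check mod24_auth_mellon against the
# fixed build listed under "New Packages".
FIXED_EVR="0.14.0-2.10.amzn1"   # version-release taken from this advisory

# evr_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# Assumption: GNU `sort -V` ordering stands in for RPM's comparison, which
# holds for dotted numeric version-release strings without an epoch.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify EVR: prints "fixed" or "vulnerable" for one version-release string.
classify() {
    if evr_at_least "$1" "$FIXED_EVR"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# check_host: classify every installed mod24_auth_mellon build (one per arch).
# Returns 0 if none is vulnerable, 1 if any is, 2 if rpm is unavailable.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    evrs=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' mod24_auth_mellon 2>/dev/null) || {
        echo "mod24_auth_mellon is not installed"
        return 0
    }
    rc=0
    for evr in $evrs; do
        state=$(classify "$evr")
        echo "mod24_auth_mellon-$evr: $state"
        [ "$state" = "fixed" ] || rc=1
    done
    return $rc
}

# Only query the local RPM database when asked to, e.g. `sh check.sh --host`.
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

A running httpd keeps the previously loaded module in memory until it is restarted, so a "fixed" result describes the installed package, not the running process.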