SUSE has issued an advisory on June 8: https://lists.suse.com/pipermail/sle-security-updates/2021-June/008962.html Mageia 8 is also affected.
CC: (none) => nicolas.salgueroWhiteboard: (none) => MGA8TOO
The registered maintainer mitya is not with us any more, and various people commit this SRPM; so asigning the bug globally.
Assignee: bugsquad => pkg-bugs
Fedora has issued an advisory for this on June 11: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5HJK366TLFEOIYWTHQSZO24MSDPBXHJU/
Suggested advisory: ======================== The updated package fixes a security vulnerability: mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. (CVE-2021-20718) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20718 https://lists.suse.com/pipermail/sle-security-updates/2021-June/008962.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5HJK366TLFEOIYWTHQSZO24MSDPBXHJU/ ======================== Updated package in core/updates_testing: ======================== apache-mod_auth_openidc-2.4.2.1-1.1.mga8 from SRPM: apache-mod_auth_openidc-2.4.2.1-1.1.mga8.src.rpm
CVE: (none) => CVE-2021-20718Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsVersion: Cauldron => 8Whiteboard: MGA8TOO => (none)
MGA8-64 Plasma on lenovo B50 No installation issues Ref bug 26289 # systemctl -l status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: inactive (dead) # systemctl start httpd # systemctl -l status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2021-06-18 14:57:51 CEST; 2s ago Main PID: 13008 (httpd) Status: "Processing requests..." Tasks: 6 (limit: 9402) Memory: 7.7M CPU: 59ms CGroup: /system.slice/httpd.service ├─13008 /usr/sbin/httpd -DFOREGROUND ├─13010 /usr/sbin/httpd -DFOREGROUND ├─13011 /usr/sbin/httpd -DFOREGROUND ├─13012 /usr/sbin/httpd -DFOREGROUND ├─13013 /usr/sbin/httpd -DFOREGROUND └─13014 /usr/sbin/httpd -DFOREGROUND jun 18 14:57:51 mach5.hviaene.thuis systemd[1]: Starting The Apache HTTP Server... jun 18 14:57:51 mach5.hviaene.thuis httpd[13008]: AH00558: httpd: Could not reliably determine the serv> jun 18 14:57:51 mach5.hviaene.thuis systemd[1]: Started The Apache HTTP Server. Point browser to localhost and get "It works", so OK on clean install.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => ouaurelienKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0280.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED