[ALSA-2025:3997] Important: mod_auth_openidc:2.3 security update
Type:
security
Severity:
important
Release date:
2025-04-21
Description:
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix(es): * mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data (CVE-2025-31492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_auth_openidc-2.4.9.4-7.module_el8.10.0+3978+e883c40d.aarch64.rpm 48ec5cebb23eb24d0739be2476166195037aaaba6b5eed69eb424b1e877d845e
aarch64 cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.aarch64.rpm 50cdbf68124fbd564661572d1deca2465adad94c4fa241d69ddd27500b271270
aarch64 cjose-0.6.1-4.module_el8.10.0+3881+234adf82.aarch64.rpm 924273913f72bf89cfd7ffce6347879d0f26bffc76829ddc4531b31e9bf197b9
ppc64le mod_auth_openidc-2.4.9.4-7.module_el8.10.0+3978+e883c40d.ppc64le.rpm 2c00385d32d7e552d557c0251fdaa58be01750a801de7dc4479f1dec152bea20
ppc64le cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.ppc64le.rpm 994c5edf4ec7f52af34c866284a4745d6fb36daae3dccf30debaf61555329384
ppc64le cjose-0.6.1-4.module_el8.10.0+3881+234adf82.ppc64le.rpm 9c1cb16cdb6497f112b3596b0a2d691fd0ba0c2d277a7b8ae8aab35c08b42b65
s390x cjose-devel-0.6.1-4.module_el8.10.0+3881+234adf82.s390x.rpm 559c2230cf633477f6087a021e6c86fcc10f9ddd90a75eff6a9a97e1e9e6462e
s390x cjose-0.6.1-4.module_el8.10.0+3881+234adf82.s390x.rpm f2276b80986159e6c98c20e7b1f84a175e9f21a5ed4a7bd1e4530f03dd3c3001
s390x mod_auth_openidc-2.4.9.4-7.module_el8.10.0+3978+e883c40d.s390x.rpm f7c91f7fbe4262c811022e7e2a7183ca8b91c297f66c0f1566e08df5dbb4405b
x86_64 cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.x86_64.rpm 738eb3d6de925553d28836363754aaaa1866bc3ae8d2651d2c5865d239e7beb1
x86_64 cjose-0.6.1-4.module_el8.9.0+3631+0ced13d7.x86_64.rpm 8829a97281d3102aa0d5835adca7ad2851c9b01144eabff84d7a4827c585b3bc
x86_64 mod_auth_openidc-2.4.9.4-7.module_el8.10.0+3978+e883c40d.x86_64.rpm f78326a1f2ad490fe30c8df8d89f1baa4bba31682fa66acac34b28f33ec3a05c
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.