[ALSA-2025:4597] Moderate: mod_auth_openidc:2.3 security update
Type:
security
Severity:
moderate
Release date:
2025-05-07
Description:
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix(es): * mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_auth_openidc-2.4.9.4-8.module_el8.10.0+3988+526f0275.aarch64.rpm 2a12f9f4eec2a2c43be37550bba1d744ce7a15654e802e58041a3fada19cb85d
aarch64 cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.aarch64.rpm 50cdbf68124fbd564661572d1deca2465adad94c4fa241d69ddd27500b271270
aarch64 cjose-0.6.1-4.module_el8.10.0+3881+234adf82.aarch64.rpm 924273913f72bf89cfd7ffce6347879d0f26bffc76829ddc4531b31e9bf197b9
ppc64le mod_auth_openidc-2.4.9.4-8.module_el8.10.0+3988+526f0275.ppc64le.rpm 68678dd4ebb0f7b3438c0aed236c0be5a7518e9499aa1a0053a28ba07b89279b
ppc64le cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.ppc64le.rpm 994c5edf4ec7f52af34c866284a4745d6fb36daae3dccf30debaf61555329384
ppc64le cjose-0.6.1-4.module_el8.10.0+3881+234adf82.ppc64le.rpm 9c1cb16cdb6497f112b3596b0a2d691fd0ba0c2d277a7b8ae8aab35c08b42b65
s390x mod_auth_openidc-2.4.9.4-8.module_el8.10.0+3988+526f0275.s390x.rpm 111ad643c77768c74688b7d46e2d047447ef8a7f313734758d3e8ac8616efe37
s390x cjose-devel-0.6.1-4.module_el8.10.0+3881+234adf82.s390x.rpm 559c2230cf633477f6087a021e6c86fcc10f9ddd90a75eff6a9a97e1e9e6462e
s390x cjose-0.6.1-4.module_el8.10.0+3881+234adf82.s390x.rpm f2276b80986159e6c98c20e7b1f84a175e9f21a5ed4a7bd1e4530f03dd3c3001
x86_64 cjose-devel-0.6.1-4.module_el8.9.0+3631+0ced13d7.x86_64.rpm 738eb3d6de925553d28836363754aaaa1866bc3ae8d2651d2c5865d239e7beb1
x86_64 cjose-0.6.1-4.module_el8.9.0+3631+0ced13d7.x86_64.rpm 8829a97281d3102aa0d5835adca7ad2851c9b01144eabff84d7a4827c585b3bc
x86_64 mod_auth_openidc-2.4.9.4-8.module_el8.10.0+3988+526f0275.x86_64.rpm cd89b76be88afdb242d7db708280b2d1f8157055ebc7056e2c1b4cbdd06fceb8
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.