ALSA-2025:7419

[ALSA-2025:7419] Important: mod_auth_openidc security update

Type:

security

Severity:

important

Release date:

2025-05-21

Description:

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.   

Security Fix(es):  

  * mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data (CVE-2025-31492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_auth_openidc-2.4.10-1.el9_6.1.aarch64.rpm	cb6169aeb5cb445dbbc967d8f9b9dadfff88ca7d5c8fba5a4245c70ef4e60d23
ppc64le	mod_auth_openidc-2.4.10-1.el9_6.1.ppc64le.rpm	0474483ee459de7a713f54726c541cba8fd40ba5bc405ec9d70c245c93a50e26
s390x	mod_auth_openidc-2.4.10-1.el9_6.1.s390x.rpm	12ac2120ecbb11d210b5523ccdca63cd5ed6c17702f3eea7a308399a13e70457
x86_64	mod_auth_openidc-2.4.10-1.el9_6.1.x86_64.rpm	0ab4371c1cbb332317d65ef09ec20471f9002d12c5f3ec5939e4130a4e2ecd3f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.