Description:
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
* mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture |
Package |
Checksum |
aarch64 |
mod_auth_openidc-2.4.10-1.el9_6.2.aarch64.rpm |
af606f4edfcc272071ec678388a3e5b53426ceaf2e339b4376101ccc21719ec5 |
ppc64le |
mod_auth_openidc-2.4.10-1.el9_6.2.ppc64le.rpm |
ab90c31bf8b98cae6ce6964512a4ec641e3623235072fb94d2a2d872b9668a44 |
s390x |
mod_auth_openidc-2.4.10-1.el9_6.2.s390x.rpm |
677edae81c8920fd0380c013566631a2a6ad5ebbc235cd7a946e4b11b078da88 |
x86_64 |
mod_auth_openidc-2.4.10-1.el9_6.2.x86_64.rpm |
c90d3c7ae4584e4ab06414d0cbe06859cee8591af62596c7fdbcde46220ef210 |