ALSA-2025:9396

[ALSA-2025:9396] Important: mod_auth_openidc security update

Type:

security

Severity:

important

Release date:

2025-07-03

Description:

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.   

Security Fix(es):  

  * mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_auth_openidc-2.4.10-1.el9_6.2.aarch64.rpm	af606f4edfcc272071ec678388a3e5b53426ceaf2e339b4376101ccc21719ec5
ppc64le	mod_auth_openidc-2.4.10-1.el9_6.2.ppc64le.rpm	ab90c31bf8b98cae6ce6964512a4ec641e3623235072fb94d2a2d872b9668a44
s390x	mod_auth_openidc-2.4.10-1.el9_6.2.s390x.rpm	677edae81c8920fd0380c013566631a2a6ad5ebbc235cd7a946e4b11b078da88
x86_64	mod_auth_openidc-2.4.10-1.el9_6.2.x86_64.rpm	c90d3c7ae4584e4ab06414d0cbe06859cee8591af62596c7fdbcde46220ef210

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.