Red Hat Product Errata RHSA-2025:10007 - Security Advisory
Issued:
2025-07-01
Updated:
2025-07-01

RHSA-2025:10007 - Security Advisory

Synopsis

Important: mod_auth_openidc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

  • mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

  • BZ - 2361633 - CVE-2025-3891 mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
x86_64
mod_auth_openidc-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 479262047755789bda71356ec97bbfd95422e019a497ec382ea4d809d2fcac4a
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 594ce347b033cf01051a3725549b14f8d6326811a1481f8ed97469cd1e65ea74
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 2c7351b9a996bae695d49f9d00d093e8ecfbbdf2e599f8100c598638ab738772

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
x86_64
mod_auth_openidc-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 479262047755789bda71356ec97bbfd95422e019a497ec382ea4d809d2fcac4a
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 594ce347b033cf01051a3725549b14f8d6326811a1481f8ed97469cd1e65ea74
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 2c7351b9a996bae695d49f9d00d093e8ecfbbdf2e599f8100c598638ab738772

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
s390x
mod_auth_openidc-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: 6c2dcac4c098ee70ecc64317fc8b63f700d435f671cf44e98734ae1b903a33d7
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: b4e0de8d444fa128d5c9013e1a9f6110c80b7e2b707d5776c05aad07bf298cc4
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: 1a53e7190ded9dbefe1ef5e571ab40ac3a2681e5a85ca61194bc853ae953689c

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
ppc64le
mod_auth_openidc-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: bfd08ac06146c327ec4efe3c966a046784c6636a4e50b59bea00a453f90f4294
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: 365b37e7893830e06c4323277802ad8a30ebdca8b7523c1379ff2f53f891ada2
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: 87d5a72be95a23722c8c1889b2d6f47c51f6bde77639eeb306595c14ff5ed952

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
aarch64
mod_auth_openidc-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: 919af727a8268487e91bc6d1840e2791fe3ab0498858c87554c32d575c2f058d
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: bda8fa3776f2e4f82932d3b642012865c12109d972844433ddb4bb989f00afbf
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: a0cf51453820479776814dcb190770f257ac334540c24e1c7670dbe720bdcbb6

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
ppc64le
mod_auth_openidc-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: bfd08ac06146c327ec4efe3c966a046784c6636a4e50b59bea00a453f90f4294
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: 365b37e7893830e06c4323277802ad8a30ebdca8b7523c1379ff2f53f891ada2
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: 87d5a72be95a23722c8c1889b2d6f47c51f6bde77639eeb306595c14ff5ed952

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
x86_64
mod_auth_openidc-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 479262047755789bda71356ec97bbfd95422e019a497ec382ea4d809d2fcac4a
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 594ce347b033cf01051a3725549b14f8d6326811a1481f8ed97469cd1e65ea74
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 2c7351b9a996bae695d49f9d00d093e8ecfbbdf2e599f8100c598638ab738772

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
aarch64
mod_auth_openidc-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: 919af727a8268487e91bc6d1840e2791fe3ab0498858c87554c32d575c2f058d
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: bda8fa3776f2e4f82932d3b642012865c12109d972844433ddb4bb989f00afbf
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: a0cf51453820479776814dcb190770f257ac334540c24e1c7670dbe720bdcbb6

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
s390x
mod_auth_openidc-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: 6c2dcac4c098ee70ecc64317fc8b63f700d435f671cf44e98734ae1b903a33d7
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: b4e0de8d444fa128d5c9013e1a9f6110c80b7e2b707d5776c05aad07bf298cc4
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: 1a53e7190ded9dbefe1ef5e571ab40ac3a2681e5a85ca61194bc853ae953689c

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
x86_64
mod_auth_openidc-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 479262047755789bda71356ec97bbfd95422e019a497ec382ea4d809d2fcac4a
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 594ce347b033cf01051a3725549b14f8d6326811a1481f8ed97469cd1e65ea74
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.x86_64.rpm SHA-256: 2c7351b9a996bae695d49f9d00d093e8ecfbbdf2e599f8100c598638ab738772

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
aarch64
mod_auth_openidc-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: 919af727a8268487e91bc6d1840e2791fe3ab0498858c87554c32d575c2f058d
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: bda8fa3776f2e4f82932d3b642012865c12109d972844433ddb4bb989f00afbf
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.aarch64.rpm SHA-256: a0cf51453820479776814dcb190770f257ac334540c24e1c7670dbe720bdcbb6

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
ppc64le
mod_auth_openidc-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: bfd08ac06146c327ec4efe3c966a046784c6636a4e50b59bea00a453f90f4294
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: 365b37e7893830e06c4323277802ad8a30ebdca8b7523c1379ff2f53f891ada2
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.ppc64le.rpm SHA-256: 87d5a72be95a23722c8c1889b2d6f47c51f6bde77639eeb306595c14ff5ed952

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.2.src.rpm SHA-256: 4b87390ae1ea57d38293844cb46dc29b1ab4fea21ad4a303535d451891631f54
s390x
mod_auth_openidc-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: 6c2dcac4c098ee70ecc64317fc8b63f700d435f671cf44e98734ae1b903a33d7
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: b4e0de8d444fa128d5c9013e1a9f6110c80b7e2b707d5776c05aad07bf298cc4
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.2.s390x.rpm SHA-256: 1a53e7190ded9dbefe1ef5e571ab40ac3a2681e5a85ca61194bc853ae953689c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.