红帽产品勘误 RHSA-2025:3997 - Security Advisory
发布:
2025-04-17
已更新:
2025-04-17

RHSA-2025:3997 - Security Advisory

概述

Important: mod_auth_openidc:2.3 security update

类型/严重性

Security Advisory: Important

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

  • mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data (CVE-2025-31492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

修复

  • BZ - 2357738 - CVE-2025-31492 mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

Red Hat Enterprise Linux for x86_64 8

SRPM
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.src.rpm SHA-256: 3c01f731e2c757a24021767d476047f34e5b627eb7bb8323998f2df0b4c76c25
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.src.rpm SHA-256: 7dd304092d8a6ad6690861f57c6cf23ce2ac7e57ca30a339472cce2bc4c7440c
x86_64
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.x86_64.rpm SHA-256: 8af91cfcb972d0a0e9f96578c72d3fca680418bfa19e3e92573290448d5f68bf
cjose-debuginfo-0.6.1-4.module+el8.10.0+21813+b5444eb8.x86_64.rpm SHA-256: 659cc2ffaec4b2d30898cd507134e1414e29a115074311da5ba772767173bf91
cjose-debugsource-0.6.1-4.module+el8.10.0+21813+b5444eb8.x86_64.rpm SHA-256: 01eeab24828379171c0fbecc3e4e9b33fac2ab90a48d5b9f0debc72953654f61
cjose-devel-0.6.1-4.module+el8.10.0+21813+b5444eb8.x86_64.rpm SHA-256: 929359bf180f474b3138dba6fe4463fe5dcb2d677a48509b452e46ae97b91349
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.x86_64.rpm SHA-256: 918425fa8a2c65c9e161755dc01916c7ede22145d02bc0a0919175b841167f7d
mod_auth_openidc-debuginfo-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.x86_64.rpm SHA-256: 9e3a46d79c71e24b2c82577e76ee420a3ff45a4915352ec2301f10921b98008e
mod_auth_openidc-debugsource-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.x86_64.rpm SHA-256: 0aecc4ba38215f42cef1d6e8ac9a3f5ce2b959e9cfcc973ea429eb09b941865c

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.src.rpm SHA-256: 3c01f731e2c757a24021767d476047f34e5b627eb7bb8323998f2df0b4c76c25
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.src.rpm SHA-256: 7dd304092d8a6ad6690861f57c6cf23ce2ac7e57ca30a339472cce2bc4c7440c
s390x
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.s390x.rpm SHA-256: b08482a32a97de7e911e398a8709b1dd9cd374064c6fc8b6df78f011f89eb370
cjose-debuginfo-0.6.1-4.module+el8.10.0+21813+b5444eb8.s390x.rpm SHA-256: bd4b5f7cf1350176c62f91e8acb9b5194d23ecff2e1af9b0d2f4e82d073aaa42
cjose-debugsource-0.6.1-4.module+el8.10.0+21813+b5444eb8.s390x.rpm SHA-256: c69238fbdece5241cb5ccf4fac58dd8d34cb045caf00f7afc31d83ca936bbdd0
cjose-devel-0.6.1-4.module+el8.10.0+21813+b5444eb8.s390x.rpm SHA-256: e2ecb8b3fb34aa3df1e94b1d809a8428b911c79fe280cd4af8ca3e7008c4f8d8
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.s390x.rpm SHA-256: 6fcf5b18ee1533f13da9d2929a9fd1dbc07aabf3c1052ccc91c7b47bc09a35f3
mod_auth_openidc-debuginfo-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.s390x.rpm SHA-256: fab0a769478606f96de125e17ffde8e4da911c553a299a55aabf0fb0b29d8966
mod_auth_openidc-debugsource-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.s390x.rpm SHA-256: 51ea28a50c54e9f4b3ca53e23f31fb611d3d1fe3a42dc3023ca5a56be7062465

Red Hat Enterprise Linux for Power, little endian 8

SRPM
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.src.rpm SHA-256: 3c01f731e2c757a24021767d476047f34e5b627eb7bb8323998f2df0b4c76c25
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.src.rpm SHA-256: 7dd304092d8a6ad6690861f57c6cf23ce2ac7e57ca30a339472cce2bc4c7440c
ppc64le
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.ppc64le.rpm SHA-256: f65859c5fec85f4cc2f5cb82b11b6e6ffcbb0dd8f0f291a33972f14e21c59080
cjose-debuginfo-0.6.1-4.module+el8.10.0+21813+b5444eb8.ppc64le.rpm SHA-256: 4d6db22574478b725a8a595b520e9ce034747413cf0c17ad4bd21ab4d71ee1f9
cjose-debugsource-0.6.1-4.module+el8.10.0+21813+b5444eb8.ppc64le.rpm SHA-256: 778c3304404f7b0713dcf0ada4599e1a50d26c043976f6746ed9301f68a51e49
cjose-devel-0.6.1-4.module+el8.10.0+21813+b5444eb8.ppc64le.rpm SHA-256: d9ae1e136f4e02e4475764520e680bcab66000955eb2ef4c282156c22bd4348a
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.ppc64le.rpm SHA-256: 37a74be7244da5ece01ed5855d9c6bda65c3c4d876bf592fd055df8d38d5f56d
mod_auth_openidc-debuginfo-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.ppc64le.rpm SHA-256: 78de6e303ee17aae1c2f94dfe1bb97728ebca7f8d265d3f38c9d65be04d009ba
mod_auth_openidc-debugsource-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.ppc64le.rpm SHA-256: 66a3464b4891cfe46bf75c86a297c56704d0523fe6b29f8fb278ad0f6a13227a

Red Hat Enterprise Linux for ARM 64 8

SRPM
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.src.rpm SHA-256: 3c01f731e2c757a24021767d476047f34e5b627eb7bb8323998f2df0b4c76c25
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.src.rpm SHA-256: 7dd304092d8a6ad6690861f57c6cf23ce2ac7e57ca30a339472cce2bc4c7440c
aarch64
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.aarch64.rpm SHA-256: aa3711eefdc7dbdc64a156cf835618ee8daa315196857217c7f282d8e54faccd
cjose-debuginfo-0.6.1-4.module+el8.10.0+21813+b5444eb8.aarch64.rpm SHA-256: c6d1a2459fe4066e3c5e84c7d86a6d5c9d6a6790338d3a546f2de7d6dc631513
cjose-debugsource-0.6.1-4.module+el8.10.0+21813+b5444eb8.aarch64.rpm SHA-256: a6c0968cd721a74dac5f225411502b82ea4a64a72bdc8898aafb0a9f9513d13f
cjose-devel-0.6.1-4.module+el8.10.0+21813+b5444eb8.aarch64.rpm SHA-256: 911c61b0741f55bcb14c19f799f0f028b6d2a919b2765db2404ade46786b7b0d
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.aarch64.rpm SHA-256: d87bc75d13073f68c0e6cfe05ce03c575fa36c3873baab4a539ec0f4bc0a01bb
mod_auth_openidc-debuginfo-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.aarch64.rpm SHA-256: d6e915467e86996864159e4d617ace944af0b7075a1fb83d87b6d30b6c76607c
mod_auth_openidc-debugsource-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.aarch64.rpm SHA-256: de6bc0eff77e1d2aa2964e53c0f7063af0b25be15d03cb82e504cfc698d41160

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.src.rpm SHA-256: 3c01f731e2c757a24021767d476047f34e5b627eb7bb8323998f2df0b4c76c25
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.src.rpm SHA-256: 7dd304092d8a6ad6690861f57c6cf23ce2ac7e57ca30a339472cce2bc4c7440c
x86_64
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.x86_64.rpm SHA-256: 8af91cfcb972d0a0e9f96578c72d3fca680418bfa19e3e92573290448d5f68bf
cjose-debuginfo-0.6.1-4.module+el8.10.0+21813+b5444eb8.x86_64.rpm SHA-256: 659cc2ffaec4b2d30898cd507134e1414e29a115074311da5ba772767173bf91
cjose-debugsource-0.6.1-4.module+el8.10.0+21813+b5444eb8.x86_64.rpm SHA-256: 01eeab24828379171c0fbecc3e4e9b33fac2ab90a48d5b9f0debc72953654f61
cjose-devel-0.6.1-4.module+el8.10.0+21813+b5444eb8.x86_64.rpm SHA-256: 929359bf180f474b3138dba6fe4463fe5dcb2d677a48509b452e46ae97b91349
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.x86_64.rpm SHA-256: 918425fa8a2c65c9e161755dc01916c7ede22145d02bc0a0919175b841167f7d
mod_auth_openidc-debuginfo-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.x86_64.rpm SHA-256: 9e3a46d79c71e24b2c82577e76ee420a3ff45a4915352ec2301f10921b98008e
mod_auth_openidc-debugsource-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.x86_64.rpm SHA-256: 0aecc4ba38215f42cef1d6e8ac9a3f5ce2b959e9cfcc973ea429eb09b941865c

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.src.rpm SHA-256: 3c01f731e2c757a24021767d476047f34e5b627eb7bb8323998f2df0b4c76c25
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.src.rpm SHA-256: 7dd304092d8a6ad6690861f57c6cf23ce2ac7e57ca30a339472cce2bc4c7440c
aarch64
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.aarch64.rpm SHA-256: aa3711eefdc7dbdc64a156cf835618ee8daa315196857217c7f282d8e54faccd
cjose-debuginfo-0.6.1-4.module+el8.10.0+21813+b5444eb8.aarch64.rpm SHA-256: c6d1a2459fe4066e3c5e84c7d86a6d5c9d6a6790338d3a546f2de7d6dc631513
cjose-debugsource-0.6.1-4.module+el8.10.0+21813+b5444eb8.aarch64.rpm SHA-256: a6c0968cd721a74dac5f225411502b82ea4a64a72bdc8898aafb0a9f9513d13f
cjose-devel-0.6.1-4.module+el8.10.0+21813+b5444eb8.aarch64.rpm SHA-256: 911c61b0741f55bcb14c19f799f0f028b6d2a919b2765db2404ade46786b7b0d
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.aarch64.rpm SHA-256: d87bc75d13073f68c0e6cfe05ce03c575fa36c3873baab4a539ec0f4bc0a01bb
mod_auth_openidc-debuginfo-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.aarch64.rpm SHA-256: d6e915467e86996864159e4d617ace944af0b7075a1fb83d87b6d30b6c76607c
mod_auth_openidc-debugsource-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.aarch64.rpm SHA-256: de6bc0eff77e1d2aa2964e53c0f7063af0b25be15d03cb82e504cfc698d41160

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.src.rpm SHA-256: 3c01f731e2c757a24021767d476047f34e5b627eb7bb8323998f2df0b4c76c25
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.src.rpm SHA-256: 7dd304092d8a6ad6690861f57c6cf23ce2ac7e57ca30a339472cce2bc4c7440c
ppc64le
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.ppc64le.rpm SHA-256: f65859c5fec85f4cc2f5cb82b11b6e6ffcbb0dd8f0f291a33972f14e21c59080
cjose-debuginfo-0.6.1-4.module+el8.10.0+21813+b5444eb8.ppc64le.rpm SHA-256: 4d6db22574478b725a8a595b520e9ce034747413cf0c17ad4bd21ab4d71ee1f9
cjose-debugsource-0.6.1-4.module+el8.10.0+21813+b5444eb8.ppc64le.rpm SHA-256: 778c3304404f7b0713dcf0ada4599e1a50d26c043976f6746ed9301f68a51e49
cjose-devel-0.6.1-4.module+el8.10.0+21813+b5444eb8.ppc64le.rpm SHA-256: d9ae1e136f4e02e4475764520e680bcab66000955eb2ef4c282156c22bd4348a
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.ppc64le.rpm SHA-256: 37a74be7244da5ece01ed5855d9c6bda65c3c4d876bf592fd055df8d38d5f56d
mod_auth_openidc-debuginfo-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.ppc64le.rpm SHA-256: 78de6e303ee17aae1c2f94dfe1bb97728ebca7f8d265d3f38c9d65be04d009ba
mod_auth_openidc-debugsource-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.ppc64le.rpm SHA-256: 66a3464b4891cfe46bf75c86a297c56704d0523fe6b29f8fb278ad0f6a13227a

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.src.rpm SHA-256: 3c01f731e2c757a24021767d476047f34e5b627eb7bb8323998f2df0b4c76c25
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.src.rpm SHA-256: 7dd304092d8a6ad6690861f57c6cf23ce2ac7e57ca30a339472cce2bc4c7440c
s390x
cjose-0.6.1-4.module+el8.10.0+21813+b5444eb8.s390x.rpm SHA-256: b08482a32a97de7e911e398a8709b1dd9cd374064c6fc8b6df78f011f89eb370
cjose-debuginfo-0.6.1-4.module+el8.10.0+21813+b5444eb8.s390x.rpm SHA-256: bd4b5f7cf1350176c62f91e8acb9b5194d23ecff2e1af9b0d2f4e82d073aaa42
cjose-debugsource-0.6.1-4.module+el8.10.0+21813+b5444eb8.s390x.rpm SHA-256: c69238fbdece5241cb5ccf4fac58dd8d34cb045caf00f7afc31d83ca936bbdd0
cjose-devel-0.6.1-4.module+el8.10.0+21813+b5444eb8.s390x.rpm SHA-256: e2ecb8b3fb34aa3df1e94b1d809a8428b911c79fe280cd4af8ca3e7008c4f8d8
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.s390x.rpm SHA-256: 6fcf5b18ee1533f13da9d2929a9fd1dbc07aabf3c1052ccc91c7b47bc09a35f3
mod_auth_openidc-debuginfo-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.s390x.rpm SHA-256: fab0a769478606f96de125e17ffde8e4da911c553a299a55aabf0fb0b29d8966
mod_auth_openidc-debugsource-2.4.9.4-7.module+el8.10.0+23023+ba6d7066.s390x.rpm SHA-256: 51ea28a50c54e9f4b3ca53e23f31fb611d3d1fe3a42dc3023ca5a56be7062465

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/