Red Hat Product Errata RHSA-2025:4224 - Security Advisory
Issued:
2025-04-28
Updated:
2025-04-28

RHSA-2025:4224 - Security Advisory

Synopsis

Important: mod_auth_openidc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

  • mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data (CVE-2025-31492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

  • BZ - 2357738 - CVE-2025-31492 mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
x86_64
mod_auth_openidc-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: 8332dae97c5dcb2119a829a85bb903d6208a901e111a4110455cfdd421a03f00
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: 765861463a30615df3828cb7638886a01a437fe7f1c572d649fe6efcc833af1a
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: eaca1b4666882b0f7b23e3ab460903e3f6361c60b524f7f5c4e6d5a67d371317

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
x86_64
mod_auth_openidc-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: 8332dae97c5dcb2119a829a85bb903d6208a901e111a4110455cfdd421a03f00
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: 765861463a30615df3828cb7638886a01a437fe7f1c572d649fe6efcc833af1a
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: eaca1b4666882b0f7b23e3ab460903e3f6361c60b524f7f5c4e6d5a67d371317

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
s390x
mod_auth_openidc-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: c2993f454ae12936359582d5fb67362b8c2df9d58a496b1559ba8a12d143f1ba
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: 3025863828a585e7f81e572fe4384ee3002cabbf38c94169987f4c8bad62d47f
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: ee82226e5f4d0d2adf0f37b5fea79de605b335c53145b68f090b358dab624821

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
ppc64le
mod_auth_openidc-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: 6dd38fcd11dea318729e0d9aa4399dd8d467e29f8e72b69702d848693aa48e3c
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: 535e69848d10eaaab8d1e9e640af8eb139de3b38dc8519949a7cc389ac5e8a55
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: f491fca89771d4478551396c13fbf35d2507d2619e6b52369a5fafc349f961d0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
aarch64
mod_auth_openidc-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 97ed2297511e180ba9abcf0f8fea2137b58fed815174ba2a218db421a3f75c9c
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 7cd8dec9d7e0d878bc03de090ece01e22244c258e873849e93df19a8e1a1dc1d
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 65a6f8e7508e769cfb160b77343b18238b7de3af098ab9241573daeeac68e31f

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
ppc64le
mod_auth_openidc-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: 6dd38fcd11dea318729e0d9aa4399dd8d467e29f8e72b69702d848693aa48e3c
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: 535e69848d10eaaab8d1e9e640af8eb139de3b38dc8519949a7cc389ac5e8a55
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: f491fca89771d4478551396c13fbf35d2507d2619e6b52369a5fafc349f961d0

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
x86_64
mod_auth_openidc-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: 8332dae97c5dcb2119a829a85bb903d6208a901e111a4110455cfdd421a03f00
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: 765861463a30615df3828cb7638886a01a437fe7f1c572d649fe6efcc833af1a
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: eaca1b4666882b0f7b23e3ab460903e3f6361c60b524f7f5c4e6d5a67d371317

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
aarch64
mod_auth_openidc-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 97ed2297511e180ba9abcf0f8fea2137b58fed815174ba2a218db421a3f75c9c
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 7cd8dec9d7e0d878bc03de090ece01e22244c258e873849e93df19a8e1a1dc1d
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 65a6f8e7508e769cfb160b77343b18238b7de3af098ab9241573daeeac68e31f

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
s390x
mod_auth_openidc-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: c2993f454ae12936359582d5fb67362b8c2df9d58a496b1559ba8a12d143f1ba
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: 3025863828a585e7f81e572fe4384ee3002cabbf38c94169987f4c8bad62d47f
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: ee82226e5f4d0d2adf0f37b5fea79de605b335c53145b68f090b358dab624821

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
x86_64
mod_auth_openidc-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: 8332dae97c5dcb2119a829a85bb903d6208a901e111a4110455cfdd421a03f00
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: 765861463a30615df3828cb7638886a01a437fe7f1c572d649fe6efcc833af1a
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.x86_64.rpm SHA-256: eaca1b4666882b0f7b23e3ab460903e3f6361c60b524f7f5c4e6d5a67d371317

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
aarch64
mod_auth_openidc-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 97ed2297511e180ba9abcf0f8fea2137b58fed815174ba2a218db421a3f75c9c
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 7cd8dec9d7e0d878bc03de090ece01e22244c258e873849e93df19a8e1a1dc1d
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.aarch64.rpm SHA-256: 65a6f8e7508e769cfb160b77343b18238b7de3af098ab9241573daeeac68e31f

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
ppc64le
mod_auth_openidc-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: 6dd38fcd11dea318729e0d9aa4399dd8d467e29f8e72b69702d848693aa48e3c
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: 535e69848d10eaaab8d1e9e640af8eb139de3b38dc8519949a7cc389ac5e8a55
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.ppc64le.rpm SHA-256: f491fca89771d4478551396c13fbf35d2507d2619e6b52369a5fafc349f961d0

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
mod_auth_openidc-2.4.9.4-4.el9_4.1.src.rpm SHA-256: c962ccfbeb8f02807b9802fde8dd9052b1fe145e3591d94c2e266419be760faa
s390x
mod_auth_openidc-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: c2993f454ae12936359582d5fb67362b8c2df9d58a496b1559ba8a12d143f1ba
mod_auth_openidc-debuginfo-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: 3025863828a585e7f81e572fe4384ee3002cabbf38c94169987f4c8bad62d47f
mod_auth_openidc-debugsource-2.4.9.4-4.el9_4.1.s390x.rpm SHA-256: ee82226e5f4d0d2adf0f37b5fea79de605b335c53145b68f090b358dab624821

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.