Red Hat Product Errata RHSA-2025:4225 - Security Advisory
Issued:
2025-04-28
Updated:
2025-04-28

RHSA-2025:4225 - Security Advisory

Synopsis

Important: mod_auth_openidc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

  • mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data (CVE-2025-31492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

Fixes

  • BZ - 2357738 - CVE-2025-31492 mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
x86_64
mod_auth_openidc-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 1e5e6583dc244d580d96b215b5836dd7c4856fa135f896e33f0eee42fa926271
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 1aeabcfd7be2eab83865384bf85fa74307ab0d098c3753a8b6d36174cbfbe4b4
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 956301fc7fc2a597b08be1e289f77c394d7004ec26cb9b003b95b84500556fa0

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
x86_64
mod_auth_openidc-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 1e5e6583dc244d580d96b215b5836dd7c4856fa135f896e33f0eee42fa926271
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 1aeabcfd7be2eab83865384bf85fa74307ab0d098c3753a8b6d36174cbfbe4b4
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 956301fc7fc2a597b08be1e289f77c394d7004ec26cb9b003b95b84500556fa0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
s390x
mod_auth_openidc-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: b43d00c9e35016f11dd5206f50063e693e89e03846cea20a3bf7f3f87a50daf0
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: f5ee3013824fdd8cd52a1a5e72b174cb0d8d25989451778ca44df43bc07fa3f3
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: 0dbbbb905ee87f89f8518d367590170d2d8fce1b7f493be25ee4d90e785c48d1

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
ppc64le
mod_auth_openidc-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: d39481dc0f9105e24ed24be68ade1f8bcc5123fd5ec1d1bf0ba740d24aed3393
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: 75923164700118ea2245c7b0bb70fb533810e98b89df4ae92017cdb270f04be3
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: 26717373f8423f8bfed49970aae417499fd40e2e2fd9cd93711d95ba636ddf6b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
aarch64
mod_auth_openidc-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: fa0a83d8a69da372d6745b1ada5c527a20c83160b0b500cc7e04f715e3f91484
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: 67fdb6facfc97ba1ee2d9159038782ad9d1161113a7c24d38dacfff1cfe6b1ea
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: 2a8c018036035f293c85d0d7439ee8fe7c7c45f02305310e458fa8c0578281d7

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
ppc64le
mod_auth_openidc-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: d39481dc0f9105e24ed24be68ade1f8bcc5123fd5ec1d1bf0ba740d24aed3393
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: 75923164700118ea2245c7b0bb70fb533810e98b89df4ae92017cdb270f04be3
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: 26717373f8423f8bfed49970aae417499fd40e2e2fd9cd93711d95ba636ddf6b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
x86_64
mod_auth_openidc-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 1e5e6583dc244d580d96b215b5836dd7c4856fa135f896e33f0eee42fa926271
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 1aeabcfd7be2eab83865384bf85fa74307ab0d098c3753a8b6d36174cbfbe4b4
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 956301fc7fc2a597b08be1e289f77c394d7004ec26cb9b003b95b84500556fa0

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
aarch64
mod_auth_openidc-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: fa0a83d8a69da372d6745b1ada5c527a20c83160b0b500cc7e04f715e3f91484
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: 67fdb6facfc97ba1ee2d9159038782ad9d1161113a7c24d38dacfff1cfe6b1ea
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: 2a8c018036035f293c85d0d7439ee8fe7c7c45f02305310e458fa8c0578281d7

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
s390x
mod_auth_openidc-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: b43d00c9e35016f11dd5206f50063e693e89e03846cea20a3bf7f3f87a50daf0
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: f5ee3013824fdd8cd52a1a5e72b174cb0d8d25989451778ca44df43bc07fa3f3
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: 0dbbbb905ee87f89f8518d367590170d2d8fce1b7f493be25ee4d90e785c48d1

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
x86_64
mod_auth_openidc-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 1e5e6583dc244d580d96b215b5836dd7c4856fa135f896e33f0eee42fa926271
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 1aeabcfd7be2eab83865384bf85fa74307ab0d098c3753a8b6d36174cbfbe4b4
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.x86_64.rpm SHA-256: 956301fc7fc2a597b08be1e289f77c394d7004ec26cb9b003b95b84500556fa0

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
aarch64
mod_auth_openidc-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: fa0a83d8a69da372d6745b1ada5c527a20c83160b0b500cc7e04f715e3f91484
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: 67fdb6facfc97ba1ee2d9159038782ad9d1161113a7c24d38dacfff1cfe6b1ea
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.aarch64.rpm SHA-256: 2a8c018036035f293c85d0d7439ee8fe7c7c45f02305310e458fa8c0578281d7

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
ppc64le
mod_auth_openidc-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: d39481dc0f9105e24ed24be68ade1f8bcc5123fd5ec1d1bf0ba740d24aed3393
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: 75923164700118ea2245c7b0bb70fb533810e98b89df4ae92017cdb270f04be3
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.ppc64le.rpm SHA-256: 26717373f8423f8bfed49970aae417499fd40e2e2fd9cd93711d95ba636ddf6b

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2

SRPM
mod_auth_openidc-2.4.9.4-1.el9_2.2.src.rpm SHA-256: 5670ae395d1858638ee2fbd56c1ba2a92f1de4ea589b5c8562e3f0702f983d1a
s390x
mod_auth_openidc-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: b43d00c9e35016f11dd5206f50063e693e89e03846cea20a3bf7f3f87a50daf0
mod_auth_openidc-debuginfo-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: f5ee3013824fdd8cd52a1a5e72b174cb0d8d25989451778ca44df43bc07fa3f3
mod_auth_openidc-debugsource-2.4.9.4-1.el9_2.2.s390x.rpm SHA-256: 0dbbbb905ee87f89f8518d367590170d2d8fce1b7f493be25ee4d90e785c48d1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.