Red Hat Product Errata RHSA-2025:7419 - Security Advisory
Issued:
2025-05-13
Updated:
2025-05-13

RHSA-2025:7419 - Security Advisory

Synopsis

Important: mod_auth_openidc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

  • mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data (CVE-2025-31492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2357738 - CVE-2025-31492 mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

Red Hat Enterprise Linux for x86_64 9

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
x86_64
mod_auth_openidc-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: f150eb08f188c3d8f6c45e307af698247d164f109260051220cfce3835a14a6a
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: 7a8350462a3629de770cf7f4c87d3c9c3fdebd98545197a1fcc5b68b706dfc2e
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: d3133a381c37014de64f9ca970a708fa756feb9775aa1703cf87cf052ae24a47

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
x86_64
mod_auth_openidc-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: f150eb08f188c3d8f6c45e307af698247d164f109260051220cfce3835a14a6a
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: 7a8350462a3629de770cf7f4c87d3c9c3fdebd98545197a1fcc5b68b706dfc2e
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: d3133a381c37014de64f9ca970a708fa756feb9775aa1703cf87cf052ae24a47

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
x86_64
mod_auth_openidc-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: f150eb08f188c3d8f6c45e307af698247d164f109260051220cfce3835a14a6a
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: 7a8350462a3629de770cf7f4c87d3c9c3fdebd98545197a1fcc5b68b706dfc2e
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: d3133a381c37014de64f9ca970a708fa756feb9775aa1703cf87cf052ae24a47

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
s390x
mod_auth_openidc-2.4.10-1.el9_6.1.s390x.rpm SHA-256: 57bad9995a69b0c19785cb48456c748fd508c69eba5e4f82296759e16b7d367f
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.s390x.rpm SHA-256: 208527278fa41f9c14012502fd959c89008f034f67e0ff0f949c6d2b3331d24f
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.s390x.rpm SHA-256: bec1e7265407ce58f32e6fa238ea3f688aa36599f3aeb2c35c8e2dd853e3b33b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
s390x
mod_auth_openidc-2.4.10-1.el9_6.1.s390x.rpm SHA-256: 57bad9995a69b0c19785cb48456c748fd508c69eba5e4f82296759e16b7d367f
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.s390x.rpm SHA-256: 208527278fa41f9c14012502fd959c89008f034f67e0ff0f949c6d2b3331d24f
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.s390x.rpm SHA-256: bec1e7265407ce58f32e6fa238ea3f688aa36599f3aeb2c35c8e2dd853e3b33b

Red Hat Enterprise Linux for Power, little endian 9

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
ppc64le
mod_auth_openidc-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 1041b24f50058571fa71a5724e46cdd332f849a515209a563b47b5509b0f9f1c
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 3b9c289da27ecf4b0e37e009bae648b2e8d10342b275786b17d7e2715129ef37
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 5e79045f85f104f0a04d4a3645eb462e83840b9e05fc1db2f0ee7c683fe93f6b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
ppc64le
mod_auth_openidc-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 1041b24f50058571fa71a5724e46cdd332f849a515209a563b47b5509b0f9f1c
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 3b9c289da27ecf4b0e37e009bae648b2e8d10342b275786b17d7e2715129ef37
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 5e79045f85f104f0a04d4a3645eb462e83840b9e05fc1db2f0ee7c683fe93f6b

Red Hat Enterprise Linux for ARM 64 9

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
aarch64
mod_auth_openidc-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 8c29082478c71724c2328133f722f70dc88376ff75540431527b0d40e20d1766
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 061abbd0bc72dcede31b7099ca4f0053dea8e911292c7b424f0672b9f961135d
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 50b2e2b5317185aa220aa1c8d4125f22b707f5ce47f3af33879727e812645433

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
aarch64
mod_auth_openidc-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 8c29082478c71724c2328133f722f70dc88376ff75540431527b0d40e20d1766
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 061abbd0bc72dcede31b7099ca4f0053dea8e911292c7b424f0672b9f961135d
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 50b2e2b5317185aa220aa1c8d4125f22b707f5ce47f3af33879727e812645433

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
ppc64le
mod_auth_openidc-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 1041b24f50058571fa71a5724e46cdd332f849a515209a563b47b5509b0f9f1c
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 3b9c289da27ecf4b0e37e009bae648b2e8d10342b275786b17d7e2715129ef37
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.ppc64le.rpm SHA-256: 5e79045f85f104f0a04d4a3645eb462e83840b9e05fc1db2f0ee7c683fe93f6b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
x86_64
mod_auth_openidc-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: f150eb08f188c3d8f6c45e307af698247d164f109260051220cfce3835a14a6a
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: 7a8350462a3629de770cf7f4c87d3c9c3fdebd98545197a1fcc5b68b706dfc2e
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.x86_64.rpm SHA-256: d3133a381c37014de64f9ca970a708fa756feb9775aa1703cf87cf052ae24a47

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
aarch64
mod_auth_openidc-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 8c29082478c71724c2328133f722f70dc88376ff75540431527b0d40e20d1766
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 061abbd0bc72dcede31b7099ca4f0053dea8e911292c7b424f0672b9f961135d
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.aarch64.rpm SHA-256: 50b2e2b5317185aa220aa1c8d4125f22b707f5ce47f3af33879727e812645433

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.1.src.rpm SHA-256: 8c60d21af89680956385db85d10cc9c6c0bdbd31dc39392efa63de35408163cc
s390x
mod_auth_openidc-2.4.10-1.el9_6.1.s390x.rpm SHA-256: 57bad9995a69b0c19785cb48456c748fd508c69eba5e4f82296759e16b7d367f
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.1.s390x.rpm SHA-256: 208527278fa41f9c14012502fd959c89008f034f67e0ff0f949c6d2b3331d24f
mod_auth_openidc-debugsource-2.4.10-1.el9_6.1.s390x.rpm SHA-256: bec1e7265407ce58f32e6fa238ea3f688aa36599f3aeb2c35c8e2dd853e3b33b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.