Red Hat Product Errata RHSA-2025:7490 - Security Advisory
Issued:
2025-05-13
Updated:
2025-05-13

RHSA-2025:7490 - Security Advisory

Synopsis

Important: mod_auth_openidc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

  • mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data (CVE-2025-31492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2357738 - CVE-2025-31492 mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

Red Hat Enterprise Linux for x86_64 10

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
x86_64
mod_auth_openidc-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: e5998b9f47848e09152d5dcea6d78864293aee7a8f52191e2fe6eef0aafbcb39
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: 1c409a5f805cfe7f512320afcf54ef02ec768a10af3f3c70622d00a60b38851d
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: 2325f06babf55ac254d65df8e2d2494373d32cf34297ab0f1abd146e3bea14ce

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
x86_64
mod_auth_openidc-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: e5998b9f47848e09152d5dcea6d78864293aee7a8f52191e2fe6eef0aafbcb39
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: 1c409a5f805cfe7f512320afcf54ef02ec768a10af3f3c70622d00a60b38851d
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: 2325f06babf55ac254d65df8e2d2494373d32cf34297ab0f1abd146e3bea14ce

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
s390x
mod_auth_openidc-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 1b7c7f52c46c26b40d09f601a46e35941f8c93b7f915cbfabb1a8de890987bd0
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 11bd93a79f708b2a2df0ff6844be2f98d54266aeb1276067bdd436a81e345fa0
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 2bdad18881e8e27ed9450032bc68a99a32a030697a878fd1293777b13024d995

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
s390x
mod_auth_openidc-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 1b7c7f52c46c26b40d09f601a46e35941f8c93b7f915cbfabb1a8de890987bd0
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 11bd93a79f708b2a2df0ff6844be2f98d54266aeb1276067bdd436a81e345fa0
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 2bdad18881e8e27ed9450032bc68a99a32a030697a878fd1293777b13024d995

Red Hat Enterprise Linux for Power, little endian 10

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
ppc64le
mod_auth_openidc-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: c48ee2a8e7e90f1e1f6269db9bda451e75d45c7d252d6d5974a48801475d2229
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: d2e37e26a3621f1f33bb35484aa29f112513543aa066e134bd3eca07a1bf533a
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: e38e2459d15a4baaecc9c86576d102f3fa703dce0a1a1311ba533f5dcda30960

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
ppc64le
mod_auth_openidc-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: c48ee2a8e7e90f1e1f6269db9bda451e75d45c7d252d6d5974a48801475d2229
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: d2e37e26a3621f1f33bb35484aa29f112513543aa066e134bd3eca07a1bf533a
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: e38e2459d15a4baaecc9c86576d102f3fa703dce0a1a1311ba533f5dcda30960

Red Hat Enterprise Linux for ARM 64 10

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
aarch64
mod_auth_openidc-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: 5674bff6a3a8b1e1a2915f29e82addae75b194ca385a1337c7529f4715a7f088
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: 9d0d37bccc1ba7ee48094fd06b2884357f107cfa529a91ce7591b1952310c4bd
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: b8d93403c7200a963ea4aacc7d989485db19c8d43bc5b910cec2712c6c550a83

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
aarch64
mod_auth_openidc-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: 5674bff6a3a8b1e1a2915f29e82addae75b194ca385a1337c7529f4715a7f088
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: 9d0d37bccc1ba7ee48094fd06b2884357f107cfa529a91ce7591b1952310c4bd
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: b8d93403c7200a963ea4aacc7d989485db19c8d43bc5b910cec2712c6c550a83

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
aarch64
mod_auth_openidc-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: 5674bff6a3a8b1e1a2915f29e82addae75b194ca385a1337c7529f4715a7f088
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: 9d0d37bccc1ba7ee48094fd06b2884357f107cfa529a91ce7591b1952310c4bd
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.aarch64.rpm SHA-256: b8d93403c7200a963ea4aacc7d989485db19c8d43bc5b910cec2712c6c550a83

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
s390x
mod_auth_openidc-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 1b7c7f52c46c26b40d09f601a46e35941f8c93b7f915cbfabb1a8de890987bd0
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 11bd93a79f708b2a2df0ff6844be2f98d54266aeb1276067bdd436a81e345fa0
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.s390x.rpm SHA-256: 2bdad18881e8e27ed9450032bc68a99a32a030697a878fd1293777b13024d995

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
ppc64le
mod_auth_openidc-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: c48ee2a8e7e90f1e1f6269db9bda451e75d45c7d252d6d5974a48801475d2229
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: d2e37e26a3621f1f33bb35484aa29f112513543aa066e134bd3eca07a1bf533a
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.ppc64le.rpm SHA-256: e38e2459d15a4baaecc9c86576d102f3fa703dce0a1a1311ba533f5dcda30960

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
mod_auth_openidc-2.4.15-4.el10_0.1.src.rpm SHA-256: 7839c8707243881ffe0292f485addce05d8ebf35309ece55b1655813939de0f9
x86_64
mod_auth_openidc-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: e5998b9f47848e09152d5dcea6d78864293aee7a8f52191e2fe6eef0aafbcb39
mod_auth_openidc-debuginfo-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: 1c409a5f805cfe7f512320afcf54ef02ec768a10af3f3c70622d00a60b38851d
mod_auth_openidc-debugsource-2.4.15-4.el10_0.1.x86_64.rpm SHA-256: 2325f06babf55ac254d65df8e2d2494373d32cf34297ab0f1abd146e3bea14ce

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.