Red Hat Product Errata RHSA-2025:9396 - Security Advisory
Issued:
2025-06-23
Updated:
2025-06-23

RHSA-2025:9396 - Security Advisory

Synopsis

Important: mod_auth_openidc security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

  • mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2361633 - CVE-2025-3891 mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

Red Hat Enterprise Linux for x86_64 9

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
x86_64
mod_auth_openidc-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 5f6dad03799307b759a61b9e6a189ce93013c3f748162330be04853767c56f10
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 573a15d803b2b2f902261131e236f7bdb7e365e9562562042944b6647cb6f188
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 5d589256de830ed7a9943798a2cc920abb859c0d76f3dce85697b66c30753478

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
x86_64
mod_auth_openidc-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 5f6dad03799307b759a61b9e6a189ce93013c3f748162330be04853767c56f10
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 573a15d803b2b2f902261131e236f7bdb7e365e9562562042944b6647cb6f188
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 5d589256de830ed7a9943798a2cc920abb859c0d76f3dce85697b66c30753478

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
x86_64
mod_auth_openidc-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 5f6dad03799307b759a61b9e6a189ce93013c3f748162330be04853767c56f10
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 573a15d803b2b2f902261131e236f7bdb7e365e9562562042944b6647cb6f188
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 5d589256de830ed7a9943798a2cc920abb859c0d76f3dce85697b66c30753478

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
s390x
mod_auth_openidc-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 37a97985c4a04d4a1b3c135fc467d453c9af1739f89020c26c95307be47e0460
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 65dc69a8f90a9eb196526a9a81efd50ab6a5cdf7da273caca3fd16a03a4f8afe
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 0650c82db8bdfacf2ea2770fa1ce1746518ada3008ad491a0730059eada4634c

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
s390x
mod_auth_openidc-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 37a97985c4a04d4a1b3c135fc467d453c9af1739f89020c26c95307be47e0460
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 65dc69a8f90a9eb196526a9a81efd50ab6a5cdf7da273caca3fd16a03a4f8afe
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 0650c82db8bdfacf2ea2770fa1ce1746518ada3008ad491a0730059eada4634c

Red Hat Enterprise Linux for Power, little endian 9

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
ppc64le
mod_auth_openidc-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: 8c2043aac7f489323df69857d7df5e4421bf4ddf713d180605bd252b5711c0a9
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: b1b23c78ae56328d53e238d26d3684e8cccf018e17de3b823e22849780d00afa
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: b641af3dc612a3f753961de2b47e8c6f5eb32465b07eb4d23939080758340f59

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
ppc64le
mod_auth_openidc-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: 8c2043aac7f489323df69857d7df5e4421bf4ddf713d180605bd252b5711c0a9
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: b1b23c78ae56328d53e238d26d3684e8cccf018e17de3b823e22849780d00afa
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: b641af3dc612a3f753961de2b47e8c6f5eb32465b07eb4d23939080758340f59

Red Hat Enterprise Linux for ARM 64 9

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
aarch64
mod_auth_openidc-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 02bd2f848dc68013ede0fa4002788f7430c66c8d076c0aa56084e1a28cbae876
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 12688bb560787bd5d291232f6793338fd6f8ccb9ada703c1490d74d7c0b6e60c
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 8c114db5df16ffeef556f7729d4c9ab0d74d107520aace90112a0460129efe65

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
aarch64
mod_auth_openidc-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 02bd2f848dc68013ede0fa4002788f7430c66c8d076c0aa56084e1a28cbae876
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 12688bb560787bd5d291232f6793338fd6f8ccb9ada703c1490d74d7c0b6e60c
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 8c114db5df16ffeef556f7729d4c9ab0d74d107520aace90112a0460129efe65

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
ppc64le
mod_auth_openidc-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: 8c2043aac7f489323df69857d7df5e4421bf4ddf713d180605bd252b5711c0a9
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: b1b23c78ae56328d53e238d26d3684e8cccf018e17de3b823e22849780d00afa
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.ppc64le.rpm SHA-256: b641af3dc612a3f753961de2b47e8c6f5eb32465b07eb4d23939080758340f59

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
x86_64
mod_auth_openidc-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 5f6dad03799307b759a61b9e6a189ce93013c3f748162330be04853767c56f10
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 573a15d803b2b2f902261131e236f7bdb7e365e9562562042944b6647cb6f188
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.x86_64.rpm SHA-256: 5d589256de830ed7a9943798a2cc920abb859c0d76f3dce85697b66c30753478

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
aarch64
mod_auth_openidc-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 02bd2f848dc68013ede0fa4002788f7430c66c8d076c0aa56084e1a28cbae876
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 12688bb560787bd5d291232f6793338fd6f8ccb9ada703c1490d74d7c0b6e60c
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.aarch64.rpm SHA-256: 8c114db5df16ffeef556f7729d4c9ab0d74d107520aace90112a0460129efe65

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm SHA-256: 8e1bef6c87253847e5a46814d61aca47bc42b69d3ec8b1e7327f1736320cde5d
s390x
mod_auth_openidc-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 37a97985c4a04d4a1b3c135fc467d453c9af1739f89020c26c95307be47e0460
mod_auth_openidc-debuginfo-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 65dc69a8f90a9eb196526a9a81efd50ab6a5cdf7da273caca3fd16a03a4f8afe
mod_auth_openidc-debugsource-2.4.10-1.el9_6.2.s390x.rpm SHA-256: 0650c82db8bdfacf2ea2770fa1ce1746518ada3008ad491a0730059eada4634c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.