Red Hat Product Errata RHSA-2025:9434 - Security Advisory
Issued:
2025-06-24
Updated:
2025-06-24

RHSA-2025:9434 - Security Advisory

Synopsis

Moderate: mod_proxy_cluster security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_proxy_cluster is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality.

Security Fix(es):

  • mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests (CVE-2024-10306)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2321302 - CVE-2024-10306 mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests
  • RHEL-81070 - Rebase mod_proxy_cluster to upstream 1.3.22.Final release

Red Hat Enterprise Linux for x86_64 9

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
x86_64
mod_proxy_cluster-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: a97e00322cef26bea7d91bd3bc1211d3657cdc5e4a5744c5b097f7d74a07466e
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: 6f99daa307b621c4435f15ddc68171f914e9fd052d0b488bf083bd19bc27ccc3
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: c437c7997251a56a737ca83104757e8a99e1f13cb9b7a5d3183c431859b831fd

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
x86_64
mod_proxy_cluster-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: a97e00322cef26bea7d91bd3bc1211d3657cdc5e4a5744c5b097f7d74a07466e
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: 6f99daa307b621c4435f15ddc68171f914e9fd052d0b488bf083bd19bc27ccc3
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: c437c7997251a56a737ca83104757e8a99e1f13cb9b7a5d3183c431859b831fd

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
x86_64
mod_proxy_cluster-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: a97e00322cef26bea7d91bd3bc1211d3657cdc5e4a5744c5b097f7d74a07466e
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: 6f99daa307b621c4435f15ddc68171f914e9fd052d0b488bf083bd19bc27ccc3
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: c437c7997251a56a737ca83104757e8a99e1f13cb9b7a5d3183c431859b831fd

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
s390x
mod_proxy_cluster-1.3.22-1.el9_6.1.s390x.rpm SHA-256: e171e45a96561a58f16296b4a0d5b0ac0f2d972364d1f01518d6a31455797fc6
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.s390x.rpm SHA-256: 7edca15f0340634a1cea7694741e43b14fe515edef869dea7b58c66098f8ac6e
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.s390x.rpm SHA-256: 5e491f72a50017f9ce7a7f960ee617d8ed0a24d247f4366b90a695886866c3e9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
s390x
mod_proxy_cluster-1.3.22-1.el9_6.1.s390x.rpm SHA-256: e171e45a96561a58f16296b4a0d5b0ac0f2d972364d1f01518d6a31455797fc6
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.s390x.rpm SHA-256: 7edca15f0340634a1cea7694741e43b14fe515edef869dea7b58c66098f8ac6e
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.s390x.rpm SHA-256: 5e491f72a50017f9ce7a7f960ee617d8ed0a24d247f4366b90a695886866c3e9

Red Hat Enterprise Linux for Power, little endian 9

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
ppc64le
mod_proxy_cluster-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: d8fa20c00833ef1936b72c1faca767af862f5d540134f90957b875746f598c76
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: 8019380fd2cca55d974d58d108f6b0f1b5a8d086e89a25a9ce386db31ed5c53e
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: 58498cbe2a7ee2b90e53ac13b9ab254763f55d8797b38a06a6046436b4d4d070

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
ppc64le
mod_proxy_cluster-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: d8fa20c00833ef1936b72c1faca767af862f5d540134f90957b875746f598c76
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: 8019380fd2cca55d974d58d108f6b0f1b5a8d086e89a25a9ce386db31ed5c53e
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: 58498cbe2a7ee2b90e53ac13b9ab254763f55d8797b38a06a6046436b4d4d070

Red Hat Enterprise Linux for ARM 64 9

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
aarch64
mod_proxy_cluster-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: f0b68c21bb568f31b4c93f37766d4db0b044c1aef194ae2bd41423e5de0d6301
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: 0dbbce8060805694b88e686c5e24deb2457efa7f0efadeb5649c97ae6141aff8
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: 0e17662c24400d34964d29de8f92403e14fe312f49638026ecbafade5697157a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
aarch64
mod_proxy_cluster-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: f0b68c21bb568f31b4c93f37766d4db0b044c1aef194ae2bd41423e5de0d6301
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: 0dbbce8060805694b88e686c5e24deb2457efa7f0efadeb5649c97ae6141aff8
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: 0e17662c24400d34964d29de8f92403e14fe312f49638026ecbafade5697157a

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
ppc64le
mod_proxy_cluster-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: d8fa20c00833ef1936b72c1faca767af862f5d540134f90957b875746f598c76
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: 8019380fd2cca55d974d58d108f6b0f1b5a8d086e89a25a9ce386db31ed5c53e
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.ppc64le.rpm SHA-256: 58498cbe2a7ee2b90e53ac13b9ab254763f55d8797b38a06a6046436b4d4d070

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
x86_64
mod_proxy_cluster-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: a97e00322cef26bea7d91bd3bc1211d3657cdc5e4a5744c5b097f7d74a07466e
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: 6f99daa307b621c4435f15ddc68171f914e9fd052d0b488bf083bd19bc27ccc3
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.x86_64.rpm SHA-256: c437c7997251a56a737ca83104757e8a99e1f13cb9b7a5d3183c431859b831fd

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
aarch64
mod_proxy_cluster-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: f0b68c21bb568f31b4c93f37766d4db0b044c1aef194ae2bd41423e5de0d6301
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: 0dbbce8060805694b88e686c5e24deb2457efa7f0efadeb5649c97ae6141aff8
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.aarch64.rpm SHA-256: 0e17662c24400d34964d29de8f92403e14fe312f49638026ecbafade5697157a

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm SHA-256: 83083fdb33a65ecbf610b870397b6c918c9b5ae943c2fa886b629fe4c48a4fa6
s390x
mod_proxy_cluster-1.3.22-1.el9_6.1.s390x.rpm SHA-256: e171e45a96561a58f16296b4a0d5b0ac0f2d972364d1f01518d6a31455797fc6
mod_proxy_cluster-debuginfo-1.3.22-1.el9_6.1.s390x.rpm SHA-256: 7edca15f0340634a1cea7694741e43b14fe515edef869dea7b58c66098f8ac6e
mod_proxy_cluster-debugsource-1.3.22-1.el9_6.1.s390x.rpm SHA-256: 5e491f72a50017f9ce7a7f960ee617d8ed0a24d247f4366b90a695886866c3e9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.