Red Hat Product Errata RHSA-2025:9466 - Security Advisory
Issued:
2025-06-24
Updated:
2025-06-24

RHSA-2025:9466 - Security Advisory

Synopsis

Moderate: mod_proxy_cluster security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_proxy_cluster is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality.

Security Fix(es):

  • mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests (CVE-2024-10306)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2321302 - CVE-2024-10306 mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests

Red Hat Enterprise Linux for x86_64 10

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
x86_64
mod_proxy_cluster-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 4f823839b68865161340a26acb4f09d0e69252b39a9eb539943179c44cc06695
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 907383c37eb991f8dd926a13a1233fa0dc998e51c930bcf4323284b443800e50
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 87eaafb9429a7365a35c3ef5fd012fb68a30a63a5506daebf4fbd6d46029980d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
x86_64
mod_proxy_cluster-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 4f823839b68865161340a26acb4f09d0e69252b39a9eb539943179c44cc06695
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 907383c37eb991f8dd926a13a1233fa0dc998e51c930bcf4323284b443800e50
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 87eaafb9429a7365a35c3ef5fd012fb68a30a63a5506daebf4fbd6d46029980d

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
s390x
mod_proxy_cluster-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 844fa152afb83d0b94dd732e7ac74bc159abc11697dc31a98e5bc9866b499ef4
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 42a20fb2367781e126f35bb3ebcbf989cb9bbac1bb971d431c30f2eee17b787c
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 13c56e8e820d9db181834d01e3b72149de8b83ef492c80475375145b65136fc8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
s390x
mod_proxy_cluster-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 844fa152afb83d0b94dd732e7ac74bc159abc11697dc31a98e5bc9866b499ef4
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 42a20fb2367781e126f35bb3ebcbf989cb9bbac1bb971d431c30f2eee17b787c
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 13c56e8e820d9db181834d01e3b72149de8b83ef492c80475375145b65136fc8

Red Hat Enterprise Linux for Power, little endian 10

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
ppc64le
mod_proxy_cluster-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: be944683bca84d5e160d68afbb2176788dbf0c738c40e64ebbcd6514c13727fc
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: 196e40d5c5d15bde62f1622dfee398f719709352b7b38eb5d0c3b4640af62576
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: 2604f35cbd78a31775b37a9cafdc5fd6bb831b624d0dce910c01feccf4cd60d4

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
ppc64le
mod_proxy_cluster-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: be944683bca84d5e160d68afbb2176788dbf0c738c40e64ebbcd6514c13727fc
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: 196e40d5c5d15bde62f1622dfee398f719709352b7b38eb5d0c3b4640af62576
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: 2604f35cbd78a31775b37a9cafdc5fd6bb831b624d0dce910c01feccf4cd60d4

Red Hat Enterprise Linux for ARM 64 10

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
aarch64
mod_proxy_cluster-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: 56f71b207ac9b0b523b137856224472960f0143670b51a0aa6973a1d6a585ecd
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: ff554695ff51a91cd479a07153d4d2eca1eb174a38085656b8be853e93ba2c27
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: 60b0b0b960ab5b8a4761215fcaff45c9e947a2bb80a3944953f900e8bbe3de15

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
aarch64
mod_proxy_cluster-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: 56f71b207ac9b0b523b137856224472960f0143670b51a0aa6973a1d6a585ecd
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: ff554695ff51a91cd479a07153d4d2eca1eb174a38085656b8be853e93ba2c27
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: 60b0b0b960ab5b8a4761215fcaff45c9e947a2bb80a3944953f900e8bbe3de15

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
aarch64
mod_proxy_cluster-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: 56f71b207ac9b0b523b137856224472960f0143670b51a0aa6973a1d6a585ecd
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: ff554695ff51a91cd479a07153d4d2eca1eb174a38085656b8be853e93ba2c27
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.aarch64.rpm SHA-256: 60b0b0b960ab5b8a4761215fcaff45c9e947a2bb80a3944953f900e8bbe3de15

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
s390x
mod_proxy_cluster-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 844fa152afb83d0b94dd732e7ac74bc159abc11697dc31a98e5bc9866b499ef4
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 42a20fb2367781e126f35bb3ebcbf989cb9bbac1bb971d431c30f2eee17b787c
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.s390x.rpm SHA-256: 13c56e8e820d9db181834d01e3b72149de8b83ef492c80475375145b65136fc8

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
ppc64le
mod_proxy_cluster-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: be944683bca84d5e160d68afbb2176788dbf0c738c40e64ebbcd6514c13727fc
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: 196e40d5c5d15bde62f1622dfee398f719709352b7b38eb5d0c3b4640af62576
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.ppc64le.rpm SHA-256: 2604f35cbd78a31775b37a9cafdc5fd6bb831b624d0dce910c01feccf4cd60d4

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
mod_proxy_cluster-1.3.22-1.el10_0.2.src.rpm SHA-256: 89076d1b9026d76ab044dd63345f686d3aeaf3485ae3bcefed3e44bccbb88a8b
x86_64
mod_proxy_cluster-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 4f823839b68865161340a26acb4f09d0e69252b39a9eb539943179c44cc06695
mod_proxy_cluster-debuginfo-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 907383c37eb991f8dd926a13a1233fa0dc998e51c930bcf4323284b443800e50
mod_proxy_cluster-debugsource-1.3.22-1.el10_0.2.x86_64.rpm SHA-256: 87eaafb9429a7365a35c3ef5fd012fb68a30a63a5506daebf4fbd6d46029980d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.