"mod_auth_openidc":"2.3" cjose-0.6.1-4.module+el8+1869+151645c1, mod_auth_openidc-2.4.9.4-8.module+el8+1869+151645c1

エラータID: AXSA:2025-9917:01

Release date: 
Friday, May 9, 2025 - 20:52
Subject: 
"mod_auth_openidc":"2.3" cjose-0.6.1-4.module+el8+1869+151645c1, mod_auth_openidc-2.4.9.4-8.module+el8+1869+151645c1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

Modularity name: "mod_auth_openidc"
Stream name: "2.3"

Solution: 

Update packages.

CVEs: 
CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
Additional Info: 

N/A

Download: 

SRPMS
  1. cjose-0.6.1-4.module+el8+1869+151645c1.src.rpm
    MD5: b86af77e8f72c0f302e8c8e39b8f242b
    SHA-256: b4d20ca84bd8510db67d9e8c76c9de435e8a30b78c345708bbd6ac691e680b96
    Size: 1.52 MB
  2. mod_auth_openidc-2.4.9.4-8.module+el8+1869+151645c1.src.rpm
    MD5: f03a445ebc61bf49307d2e319362bd57
    SHA-256: ec96f146bc45ee36f4a818b9362d82ee3927918669ca6a6b7a0dfc3033de967d
    Size: 290.70 kB

Asianux Server 8 for x86_64
  1. cjose-0.6.1-4.module+el8+1869+151645c1.x86_64.rpm
    MD5: 54a495b5f6a02356be5530f02af2b05f
    SHA-256: 65d0085c0655567d3100145592d490fcca3ecb354548dadbb7d8a7d3f3c426b3
    Size: 184.73 kB
  2. cjose-debugsource-0.6.1-4.module+el8+1869+151645c1.x86_64.rpm
    MD5: 677a0e240e74556a5f6d0c5a8aaa48cb
    SHA-256: 419a990304a98bca16e82ecd5996d2747ff957eeed0fc0c05b2ccb4deb136c9c
    Size: 41.52 kB
  3. cjose-devel-0.6.1-4.module+el8+1869+151645c1.x86_64.rpm
    MD5: 582b802da239f72861d02e1e67fce7f1
    SHA-256: 2f73e901f76a6ca9ae0553b3f05b1575e981d182a02129181c138b701f94f43d
    Size: 17.64 kB
  4. mod_auth_openidc-2.4.9.4-8.module+el8+1869+151645c1.x86_64.rpm
    MD5: 3ed86171cbb9d452b877d2aff6041b97
    SHA-256: 3584592de53d7898ec42951d45dba2003b615098b51fa73a0f65571f9b3f02cd
    Size: 197.29 kB
  5. mod_auth_openidc-debugsource-2.4.9.4-8.module+el8+1869+151645c1.x86_64.rpm
    MD5: 3014cf01fe3604255a08ebafaed2a3c8
    SHA-256: f2cd9d6e6b5d86fc879f376c7804e61bfce07314bf5b4cb633e6421305eb4fdb
    Size: 150.75 kB