mod_auth_openidc-2.4.10-1.el9_6.2

エラータID: AXSA:2025-10555:02

リリース日: 
2025/07/22 Tuesday - 20:58
題名: 
mod_auth_openidc-2.4.10-1.el9_6.2
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

解決策: 

Update packages.

CVE: 
CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. mod_auth_openidc-2.4.10-1.el9_6.2.src.rpm
    MD5: 43f9748e4761ac18dca3fe786e567f88
    SHA-256: 4c430cd8ccf94f12283e88334051a302509fae32e155e374d59ea5ea8b609a25
    Size: 607.51 kB

Asianux Server 9 for x86_64
  1. mod_auth_openidc-2.4.10-1.el9_6.2.x86_64.rpm
    MD5: 860ecc17bee8637b5f4dfbc4e24b1518
    SHA-256: 65fb9c85ded6568599a9f829e77afc3947d5129d8fbffe99000689154928fdf5
    Size: 195.12 kB