ELSA-2025-3997

ELSA-2025-3997 - mod_auth_openidc:2.3 security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2025-04-22

Description


cjose
mod_auth_openidc
[2.4.9.4-7]
- Resolves: RHEL-86218 - mod_auth_openidc allows OIDCProviderAuthRequestMethod
POSTs to leak protected data (CVE-2025-31492)


Related CVEs


CVE-2025-31492

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) cjose-0.6.1-4.module+el8.10.0+90549+7b4eddfc.src.rpm9f34f299ac1a3a75cdb97bac793023e24fdb7cbe53769df9209897b782523a9a-ol8_aarch64_appstream
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+90549+7b4eddfc.src.rpm31d8cd467f7d32921d2b8117ba22b3c667945dd21176b8e7a3097e6f8f7a37d7-ol8_aarch64_appstream
cjose-0.6.1-4.module+el8.10.0+90549+7b4eddfc.aarch64.rpmf2c14a4f45bafecaffa371540b8eee4d3424dc3088fec3a58688daa1c5724179-ol8_aarch64_appstream
cjose-devel-0.6.1-4.module+el8.10.0+90549+7b4eddfc.aarch64.rpm6dcee6a33e382efbc42eee8f2b9e6eba59339e0f62e11d30e9da611b0b93d2f4-ol8_aarch64_appstream
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+90549+7b4eddfc.aarch64.rpmb27d03e586d9ef818eca1234d0de0105d916e2ed74c2432e252b74c87158f604-ol8_aarch64_appstream
Oracle Linux 8 (x86_64) cjose-0.6.1-4.module+el8.10.0+90549+7b4eddfc.src.rpm9f34f299ac1a3a75cdb97bac793023e24fdb7cbe53769df9209897b782523a9a-ol8_x86_64_appstream
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+90549+7b4eddfc.src.rpm31d8cd467f7d32921d2b8117ba22b3c667945dd21176b8e7a3097e6f8f7a37d7-ol8_x86_64_appstream
cjose-0.6.1-4.module+el8.10.0+90549+7b4eddfc.x86_64.rpm40bd8f78da4f83e8518ea1e03b44608a65161cf0e254693e7bfd0c438aa78e90-ol8_x86_64_appstream
cjose-devel-0.6.1-4.module+el8.10.0+90549+7b4eddfc.x86_64.rpmcc979109d71db7fbbe4405e9cc57584131840b83414e543d1ba0cdc5a73a2078-ol8_x86_64_appstream
mod_auth_openidc-2.4.9.4-7.module+el8.10.0+90549+7b4eddfc.x86_64.rpm17f1f6de06fd752d481b0ac1f7103e7c3e5e20812ff16ace6186afadb3ed39d4-ol8_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete