Description
Security update for apache2-mod_auth_openidc
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2025-3891: Fixed denial of service via an empty POST request when OIDCPreservePost is enabled (bsc#1242015).
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP6
apache2-mod_auth_openidc-2.3.8-150600.16.11.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
apache2-mod_auth_openidc-2.3.8-150600.16.11.1
openSUSE Leap 15.6
apache2-mod_auth_openidc-2.3.8-150600.16.11.1
References
- Link for SUSE-SU-2025:01953-1
- E-Mail link for SUSE-SU-2025:01953-1
- SUSE Security Ratings
- SUSE Bug 1242015
- SUSE CVE CVE-2025-3891 page
Description
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.3.8-150600.16.11.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.3.8-150600.16.11.1
openSUSE Leap 15.6:apache2-mod_auth_openidc-2.3.8-150600.16.11.1
References
- CVE-2025-3891
- SUSE Bug 1242015