SUSE-SU-2025:01962-1

Опубликовано: 16 июн. 2025

Источник: suse-cvrf

Описание

Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues:

CVE-2025-3891: Fixed denial of service via an empty POST request when OIDCPreservePost is enabled (bsc#1242015).

Список пакетов

SUSE Enterprise Storage 7.1

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise Server 15 SP3-LTSS

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise Server 15 SP4-LTSS

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise Server 15 SP5-LTSS

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise Server for SAP Applications 15 SP5

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Manager Proxy 4.3

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Manager Server 4.3

apache2-mod_auth_openidc-2.3.8-150100.3.34.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202501962-1/
Link for SUSE-SU-2025:01962-1
https://lists.suse.com/pipermail/sle-updates/2025-June/040310.html
E-Mail link for SUSE-SU-2025:01962-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1242015
SUSE Bug 1242015
https://www.suse.com/security/cve/CVE-2025-3891/
SUSE CVE CVE-2025-3891 page

Описание

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

Затронутые продукты

SUSE Enterprise Storage 7.1:apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache2-mod_auth_openidc-2.3.8-150100.3.34.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache2-mod_auth_openidc-2.3.8-150100.3.34.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-3891.html
CVE-2025-3891
https://bugzilla.suse.com/1242015
SUSE Bug 1242015

SUSE-SU-2025:01962-1

Описание

Список пакетов

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server 15 SP5-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Linux Enterprise Server for SAP Applications 15 SP4

SUSE Linux Enterprise Server for SAP Applications 15 SP5

SUSE Manager Proxy 4.3

SUSE Manager Server 4.3

Ссылки

Уязвимость: CVE-2025-3891

Описание

Затронутые продукты

Ссылки