Fedora 41 has released a security update for the mod_auth_openidc package, now at version 2.4.17.2. This update addresses a critical vulnerability identified as CVE-2025-31492, which impacts the functionality of the Apache HTTP Server, allowing it to operate as both an OpenID Connect Relying Party and an OAuth 2.0 Resource Server.
Update Details:
- Package Name: mod_auth_openidc
- Product: Fedora 41
- Version: 2.4.17.2
- Release: 1.fc41
- Update Notification ID: FEDORA-2025-be0c6f25ce
- Release Date: August 28, 2025
Summary of Changes:
The new version resolves security issues related to the handling of OIDCProviderAuthRequestMethod POSTs, which could lead to the unintentional leakage of protected data.
Installation Instructions:
Users can install this update using the command line with the following command:
Security Assurance:
All packages provided in this update are signed with the Fedora Project GPG key, ensuring their integrity and authenticity.
Additional Context:
The mod_auth_openidc module is essential for web server administrators looking to implement authentication protocols such as OpenID Connect and OAuth 2.0. Keeping this module updated is crucial for maintaining a secure web environment.
Future Considerations:
As threats to web applications evolve, users are advised to regularly check for updates and security patches not only for mod_auth_openidc but for all software components in their systems. Staying informed about vulnerabilities and applying updates promptly can help mitigate risks associated with security breaches
Update Details:
- Package Name: mod_auth_openidc
- Product: Fedora 41
- Version: 2.4.17.2
- Release: 1.fc41
- Update Notification ID: FEDORA-2025-be0c6f25ce
- Release Date: August 28, 2025
Summary of Changes:
The new version resolves security issues related to the handling of OIDCProviderAuthRequestMethod POSTs, which could lead to the unintentional leakage of protected data.
Installation Instructions:
Users can install this update using the command line with the following command:
bashsu -c 'dnf upgrade --advisory FEDORA-2025-be0c6f25ce'For further details on using the dnf update tool, refer to the official dnf documentation.
Security Assurance:
All packages provided in this update are signed with the Fedora Project GPG key, ensuring their integrity and authenticity.
Additional Context:
The mod_auth_openidc module is essential for web server administrators looking to implement authentication protocols such as OpenID Connect and OAuth 2.0. Keeping this module updated is crucial for maintaining a secure web environment.
Future Considerations:
As threats to web applications evolve, users are advised to regularly check for updates and security patches not only for mod_auth_openidc but for all software components in their systems. Staying informed about vulnerabilities and applying updates promptly can help mitigate risks associated with security breaches
Mod_Auth_OpenIDC updates for Fedora 41
A security update is available for Fedora 41, which includes a new version of the mod_auth_openidc package. The updated package, version 2.4.17.2, addresses a vulnerability known as CVE-2025-31492 and allows Apache HTTP Server to operate as an OpenID Connect Relying Party and OAuth 2.0 Resource Server.
Fedora 41 Update: mod_auth_openidc-2.4.17.2-1.fc41
