mod_auth_openidc could be made to expose sensitive information over the
network.
Software Description:
- libapache2-mod-auth-openidc: OpenID Connect Relying Party implementation for Apache
Details:
It was discovered that mod_auth_openidc incorrectly handled certain
POST requests. An attacker could possibly use this issue to obtain
sensitive information.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libapache2-mod-auth-openidc 2.4.16.10-1ubuntu1 Ubuntu 24.10 libapache2-mod-auth-openidc 2.4.15.7-2ubuntu0.1 Ubuntu 24.04 LTS libapache2-mod-auth-openidc 2.4.15.1-1ubuntu0.1 Ubuntu 22.04 LTS libapache2-mod-auth-openidc 2.4.11-1ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7446-1
CVE-2025-31492
Get the latest Linux and open source security news straight to your inbox.