FERRAMENTAS LINUX: Critical Security Update: Apache2-mod_auth_openidc Vulnerability Patched (CVE-2025-3891)

Tuesday, May 20, 2025


SUSE

A critical SUSE security update patches an apache2-mod_auth_openidc vulnerability (CVE-2025-3891, CVSS 8.2). This post covers the patch instructions, the affected systems, and the mitigation steps enterprises can take to prevent denial-of-service attacks.


Key Details at a Glance

  • Announcement ID: SUSE-SU-2025:01585-1

  • Release Date: May 19, 2025

  • Severity: Important (CVSS: 8.2)

  • Affected Systems:

    • SUSE Linux Enterprise Server 12 SP5 (LTSS & Extended Security)

    • SUSE Linux Enterprise High Performance Computing 12 SP5

    • SUSE Linux Enterprise Server for SAP Applications 12 SP5

🔴 Urgent Action Required: A denial-of-service (DoS) vulnerability (CVE-2025-3891) has been discovered in apache2-mod_auth_openidc. Unpatched systems risk service disruption from malicious POST requests.


Vulnerability Breakdown & Risk Assessment

CVE-2025-3891: Exploit Mechanics

The flaw allows attackers to crash Apache services by sending specially crafted POST requests with:

✔ Empty Content-Type header

✔ OIDCPreservePost enabled

CVSS v4.0 Score: 8.2 (High)

  • Attack Vector: Network (AV:N)

  • Impact: High impact on availability (VA:H)

Comparison of CVSS Scores:

  Source   CVSS 3.1   CVSS 4.0
  SUSE     7.5        8.2
  NVD      5.3–7.5

💡 Why This Matters for Enterprises:

  • DoS attacks can disrupt authentication services, leading to downtime and compliance risks.

  • SAP environments are particularly vulnerable due to reliance on OpenID Connect.


Patch Instructions & Mitigation Steps

Recommended Update Methods

  1. YaST Online Update (GUI)

  2. Command line (zypper):

     # For SUSE Linux Enterprise Server 12 SP5 LTSS:
     zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1585=1

  3. Extended Security users:

     zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1585=1

Affected Packages

  Architecture   Package Versions
  x86_64         apache2-mod_auth_openidc-2.4.0-7.22.1
  aarch64        apache2-mod_auth_openidc-debuginfo-2.4.0-7.22.1

⚠ Temporary Workaround: Disable OIDCPreservePost if immediate patching isn’t feasible.
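The advisory gives two things an administrator can check before declaring a host safe: the installed package release against the fixed one in the table above (2.4.0-7.22.1), and whether the OIDCPreservePost workaround is actually in effect in the Apache configuration. The script below is an added example, not part of the SUSE advisory or the blog post; it ships a simplified rpm-style version comparison and runs it over constructed sample inputs. The `rpm -q --qf` query in `main` is only used when the script is run directly on an RPM-based host, and the config text and version strings in the examples are constructed for illustration.

```python
import re
import subprocess
from typing import List

# Fixed package version from SUSE-SU-2025:01585-1 (VERSION and RELEASE parts).
PACKAGE = "apache2-mod_auth_openidc"
FIXED_VERSION = "2.4.0"
FIXED_RELEASE = "7.22.1"


def _segments(s: str) -> List[str]:
    """Split a version string into maximal digit runs and alpha runs, as rpmvercmp does."""
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: return 1 if a is newer than b, -1 if older, 0 if equal.

    Numeric segments compare as integers, alpha segments lexically, and a
    numeric segment outranks an alpha one. Ties break on segment count.
    """
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def is_patched(installed_vr: str) -> bool:
    """installed_vr is 'VERSION-RELEASE', e.g. '2.4.0-7.22.1'."""
    version, _, release = installed_vr.partition("-")
    c = rpm_vercmp(version, FIXED_VERSION)
    if c != 0:
        return c > 0
    return rpm_vercmp(release, FIXED_RELEASE) >= 0


def preserve_post_enabled(config_text: str) -> bool:
    """True if a non-comment directive sets OIDCPreservePost On (the module defaults to Off)."""
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        m = re.match(r"OIDCPreservePost\s+(\S+)", stripped, re.IGNORECASE)
        if m and m.group(1).lower() == "on":
            return True
    return False


def assess(installed_vr: str, config_text: str) -> str:
    """Classify a host as 'patched', 'mitigated' (unpatched but workaround in place), or 'vulnerable'."""
    if is_patched(installed_vr):
        return "patched"
    if not preserve_post_enabled(config_text):
        return "mitigated"
    return "vulnerable"


def installed_version_release() -> str:
    """Query the local RPM database; returns '' if rpm is absent or the package is not installed."""
    try:
        out = subprocess.run(
            ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\\n", PACKAGE],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        return ""
    return out.stdout.strip() if out.returncode == 0 else ""


if __name__ == "__main__":
    # Constructed sample: an unpatched host whose vhost still enables POST preservation.
    sample_config = "<Location /protected>\n  OIDCPreservePost On\n</Location>\n"
    print("sample host:", assess("2.4.0-7.19.1", sample_config))   # vulnerable
    live = installed_version_release()
    if live:
        print(f"this host has {PACKAGE} {live}: patched={is_patched(live)}")
```

`assess` reports "mitigated" only when no active directive turns OIDCPreservePost on; a commented-out `OIDCPreservePost On` does not count, which is the case an operator is most likely to get wrong when applying the workaround by hand.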


FAQ

Q: How serious is CVE-2025-3891?

A: Rated 8.2 CVSS (High), it allows remote attackers to disrupt services without authentication.

Q: Which SUSE products are affected?

A: All SUSE Linux Enterprise 12 SP5 variants, including LTSS and SAP editions.

Q: Is there a temporary fix?

A: Disabling OIDCPreservePost mitigates risk until patching.
