Urgent SUSE Linux security update fixes CVE-2025-3891, a high-risk Apache2-mod_auth_openidc DoS vulnerability (CVSS 8.2). Learn patch instructions for SUSE Enterprise 12 SP5, LTSS, and SAP systems to prevent attacks.
Urgent Patch Required to Prevent DoS Attacks
SUSE has released a high-priority security update for apache2-mod_auth_openidc, addressing a critical vulnerability (CVE-2025-3891) that could lead to denial-of-service (DoS) attacks.
This flaw affects multiple SUSE Linux Enterprise distributions, making immediate patching essential for system administrators and cybersecurity professionals.
Vulnerability Details & Risk Assessment
CVE ID: CVE-2025-3891
CVSS Score: Up to 8.2 (CVSS v4.0) | 7.5 (CVSS v3.1)
Exploitability: Remote attackers can trigger a DoS via malformed POST requests with an empty Content-Type header when OIDCPreservePost is enabled.
Affected Systems:
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Server 12 SP5 (LTSS & Extended Security)
SUSE Linux Enterprise Server for SAP Applications 12 SP5
Patch Instructions & Mitigation Steps
To secure your systems, apply the update immediately using one of the following methods:
Recommended Update Methods:
✅ YaST Online Update (GUI-based)
✅ Command Line (zypper):
zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1585=1
Updated Package Versions:
apache2-mod_auth_openidc-2.4.0-7.22.1
Debug packages also updated for troubleshooting.
Why This Update Matters for Enterprise Security
This patch prevents service disruptions that could impact mission-critical applications, particularly in SAP environments and high-performance computing (HPC) setups. Unpatched systems risk downtime, loss of productivity, and potential secondary exploits.
Additional Resources & References
🔗 SUSE Security Advisory
🔗 Bugzilla Report (bsc#1242015)
Proactive Security Best Practices
Monitor Apache logs for unusual POST requests.
Disable OIDCPreservePost if not strictly required.
Schedule regular vulnerability scans to detect emerging threats.
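
An exposure check that combines the two conditions this post describes (a package older than the fixed apache2-mod_auth_openidc-2.4.0-7.22.1, and an active OIDCPreservePost On), added here as an example that is not part of the SUSE advisory or the original post. The function names, the /etc/apache2 config root, and the use of GNU sort -V to approximate RPM version ordering are assumptions.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2025-3891 on a SUSE host.
# Usage (assumed paths; /etc/apache2 is the usual SUSE config root):
#   sh check.sh "$(rpm -q --qf '%{VERSION}-%{RELEASE}' apache2-mod_auth_openidc)" /etc/apache2

FIXED="2.4.0-7.22.1"   # fixed version-release named in the update

# Print file:line:text for every active "OIDCPreservePost On" under a config tree.
# Apache directive names are case-insensitive; commented-out lines are skipped.
preserve_post_enabled() {
    grep -rEin '^[[:space:]]*OIDCPreservePost[[:space:]]+"?on"?[[:space:]]*$' "$1" 2>/dev/null
}

# Return 0 if version-release $1 sorts strictly before $2.
# Assumption: GNU sort -V is close enough to RPM ordering for numeric releases.
older_than() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# exposure <installed version-release> <config dir>
# Prints one of: patched | unpatched-preservepost-off | exposed
exposure() {
    if ! older_than "$1" "$FIXED"; then
        echo patched
    elif preserve_post_enabled "$2" >/dev/null; then
        echo exposed
    else
        echo unpatched-preservepost-off
    fi
}

# Run the check only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    exposure "$1" "$2"
    preserve_post_enabled "$2" || true   # list the matching directives, if any
fi
```

A result of unpatched-preservepost-off still calls for the update; it only means the triggering directive was not found in the scanned tree, so configuration included from other paths must be checked separately.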