Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: mipsel
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-04)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect Relying Party implementation for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server
     vulnerable to a Denial of Service (DoS) attack. If an attacker
     manipulated the value of the OpenIDC cookie to a very large integer
     like 99999999, the server struggled with the request for a long time
     and finally returned a 500 error. Making a few requests of this kind
     caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash
     with minimal effort.
     (Closes: #1064183)