Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: ppc64el
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect Relying Party implementation for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server vulnerable
     to a Denial of Service (DoS) attack. If an attacker manipulated the value
     of the OpenIDC cookie to a very large integer like 99999999, the server
     struggled with the request for a long time and finally returned a 500
     error. Making a few requests of this kind caused servers to become
     unresponsive, and so attackers could thereby craft requests that would
     make the server work very hard and/or crash with minimal effort.
     (Closes: #1064183)