-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: armhf
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect Relying Party implementation for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server vulnerable
     to a Denial of Service (DoS) attack. If an attacker manipulated the
     value of the OpenIDC cookie to a very large integer like 99999999, the
     server struggled with the request for a long time and finally returned
     a 500 error. Making a few requests of this kind caused servers to
     become unresponsive, and so attackers could thereby craft requests that
     would make the server work very hard and/or crash with minimal effort.
     (Closes: #1064183)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----