Format: 1.8
Date: Thu, 18 Apr 2024 14:27:26 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: mips64el
Version: 2.4.9.4-0+deb11u4
Distribution: bullseye
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-03)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.9.4-0+deb11u4) bullseye; urgency=high
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server
     vulnerable to a Denial of Service (DoS) attack. If an attacker
     manipulated the value of the OpenIDC cookie to a very large integer
     like 99999999, the server struggled with the request for a long time
     and finally returned a 500 error. Making a few requests of this kind
     caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash
     with minimal effort.
     (Closes: #1064183)