Format: 1.8
Date: Thu, 18 Apr 2024 14:27:26 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: ppc64el
Version: 2.4.9.4-0+deb11u4
Distribution: bullseye
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.9.4-0+deb11u4) bullseye; urgency=high
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server
     vulnerable to a Denial of Service (DoS) attack. If an attacker
     manipulated the value of the OpenIDC cookie to a very large integer
     like 99999999, the server struggled with the request for a long time
     and finally returned a 500 error. Making a few requests of this kind
     caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash
     with minimal effort.
     (Closes: #1064183)