Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: mips64el
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-04)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect Relying Party implementation for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server vulnerable
     to a Denial of Service (DoS) attack. If an attacker manipulated the
     value of the OpenIDC cookie to a very large integer like 99999999, the
     server struggled with the request for a long time and finally returned
     a 500 error. Making a few requests of this kind caused servers to
     become unresponsive, and so attackers could thereby craft requests that
     would make the server work very hard and/or crash with minimal effort.
     (Closes: #1064183)
Checksums-Sha1:
 fe1ed4d5f2f787acba189c24747f93910a656c8a 355500 libapache2-mod-auth-openidc-dbgsym_2.4.12.3-2+deb12u1_mips64el.deb
 a74420b80c30d045fa45c53449162394813d6a69 7838 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_mips64el-buildd.buildinfo
 d255661803b9e0f7faf5064279471d22b9b14768 160984 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_mips64el.deb
Checksums-Sha256:
 db50a8d0290c5ef18c8491ae31341333641d5ce2d04d8c73d08a5b99af0dbc6d 355500 libapache2-mod-auth-openidc-dbgsym_2.4.12.3-2+deb12u1_mips64el.deb
 a79ea03fa02e2611967ffbeeca046e8ebad0d0d3946e69d729e826fcc863f60f 7838 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_mips64el-buildd.buildinfo
 3e5a6bdc56acc94919551e9b8e04562096fc97c4bb00d06e38564ce5e96d3ddb 160984 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_mips64el.deb
Files:
 2e7fcffee5f4f704ad1bf35ac98e6600 355500 debug optional libapache2-mod-auth-openidc-dbgsym_2.4.12.3-2+deb12u1_mips64el.deb
 5a4e2b4a6b6f32150cfa9b8d9cb87583 7838 httpd optional libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_mips64el-buildd.buildinfo
 0147b42c8f1d1a2c3a522731a1a9bdb6 160984 httpd optional libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_mips64el.deb