Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: s390x
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: s390x Build Daemon (zani)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect Relying Party implementation for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server vulnerable
     to a Denial of Service (DoS) attack. If an attacker manipulated the
     value of the OpenIDC cookie to a very large integer like 99999999, the
     server struggled with the request for a long time and finally returned
     a 500 error. Making a few requests of this kind caused servers to
     become unresponsive, and so attackers could thereby craft requests that
     would make the server work very hard and/or crash with minimal effort.
     (Closes: #1064183)