Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: arm64
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect Relying Party implementation for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server
     vulnerable to a Denial of Service (DoS) attack. If an attacker
     manipulated the value of the OpenIDC cookie to a very large integer
     like 99999999, the server struggled with the request for a long time
     and finally returned a 500 error. Making a few requests of this kind
     caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash
     with minimal effort.
     (Closes: #1064183)