Format: 1.8
Date: Thu, 18 Apr 2024 14:27:26 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: mipsel
Version: 2.4.9.4-0+deb11u4
Distribution: bullseye
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-03)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.9.4-0+deb11u4) bullseye; urgency=high
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server vulnerable
     to a Denial of Service (DoS) attack. If an attacker manipulated the value
     of the OpenIDC cookie to a very large integer like 99999999, the server
     struggled with the request for a long time and finally returned a 500
     error. Making a few requests of this kind caused servers to become
     unresponsive, and so attackers could thereby craft requests that would
     make the server work very hard and/or crash with minimal effort.
     (Closes: #1064183)