
Accepted libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1 (source) into proposed-updates



Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Architecture: source
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Moritz Schlarb <schlarbm@uni-mainz.de>
Changed-By: Moritz Schlarb <schlarbm@uni-mainz.de>
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks
     cookie value made the server vulnerable to a Denial of Service (DoS)
     attack. If an attacker manipulated the value of the OpenIDC cookie to a
     very large integer like 99999999, the server struggled with the request for
     a long time and finally returned a 500 error. Making a few requests of this
     kind caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash with
     minimal effort. (Closes: #1064183)
