libapache2-mod-auth-openidc 2.4.15.7-1 source package in Ubuntu

Changelog

libapache2-mod-auth-openidc (2.4.15.7-1) unstable; urgency=medium

  [ Hans Zandbelt ]
  * update to OpenIDC GitHub repository/organization

  [ Moritz Schlarb ]
  * Bump Standards-Version
  * New upstream version 2.4.15.7
    * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks
      cookie value made the server vulnerable to a Denial of Service (DoS)
      attack. If an attacker manipulated the value of the OpenIDC cookie to a
      very large integer like 99999999, the server struggled with the request for
      a long time and finally returned a 500 error. Making a few requests of this
      kind caused servers to become unresponsive, and so attackers could thereby
      craft requests that would make the server work very hard and/or crash with
      minimal effort. (Closes: #1064183)

 -- Moritz Schlarb <email address hidden>  Thu, 18 Apr 2024 13:46:00 +0200

Upload details

Uploaded by: Moritz Schlarb
Uploaded to: Sid
Original maintainer: Moritz Schlarb
Architectures: any
Section: misc
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
libapache2-mod-auth-openidc_2.4.15.7-1.dsc 2.2 KiB eb67c0732a7d4f059da9234eb8460004852b069836c3b42a57b47de46f2ff344
libapache2-mod-auth-openidc_2.4.15.7.orig.tar.gz 310.3 KiB 672a7a483f28314372e33ad48a501c5cb8aac40c5a9c921ea962e7e2c11ab807
libapache2-mod-auth-openidc_2.4.15.7-1.debian.tar.xz 7.4 KiB 0eee50cf955f1c07c05071945c14a841df83f09b6beb49131b0ae2bfbac7865d

No changes file available.

Binary packages built by this source

libapache2-mod-auth-openidc: OpenID Connect Relying Party implementation for Apache

 mod_auth_openidc is a certified authentication and authorization module
 for the Apache 2.x HTTP server that implements the OpenID Connect
 Relying Party functionality.
 .
 This module enables an Apache 2.x web server to operate as an OpenID
 Connect Relying Party (RP) towards an OpenID Connect Provider (OP).
 It relays end user authentication to a Provider and receives user
 identity information from that Provider. It then passes on that identity
 information (a.k.a. claims) to applications protected by the Apache web
 server and establishes an authentication session for the identified user.

libapache2-mod-auth-openidc-dbgsym: debug symbols for libapache2-mod-auth-openidc