DSA-5405-1

Source
https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5405-1.json
Aliases
Published
2023-05-18T00:00:00Z
Modified
2023-05-18T15:15:24.372097Z
Details

It was discovered that missing input sanitising in the implementation of the OIDCStripCookie option in mod_auth_openidc could result in denial of service.

For the stable distribution (bullseye), this problem has been fixed in version 2.4.9.4-0+deb11u3.

We recommend that you upgrade your libapache2-mod-auth-openidc packages.

For the detailed security status of libapache2-mod-auth-openidc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libapache2-mod-auth-openidc

References

Affected packages

Debian:11 / libapache2-mod-auth-openidc

libapache2-mod-auth-openidc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
2.4.9.4-0+deb11u3

Affected versions

2.*

2.4.9-1
2.4.9.4-0+deb11u1
2.4.9.4-0+deb11u2