1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5917-1] libapache2-mod-auth-openidc security update

    From Moritz Muehlenhoff@21:1/5 to All on Thu May 8 23:10:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5917-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
    May 08, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libapache2-mod-auth-openidc
    CVE ID : CVE-2025-3891

    A vulnerability has been discovered in mod_auth_openidc, an OpenID
    Certified authentication and authorization module for the Apache HTTP
    server that implements the OpenID Connect Relying Party functionality:

    An unauthenticated attacker could crash the Apache httpd process by
    sending a POST request without a Content-Type header if the
    'OIDCPreservePost' directive is enabled, resulting in denial of
    service.

    For the stable distribution (bookworm), this problem has been fixed in
    version 2.4.12.3-2+deb12u4.

    We recommend that you upgrade your libapache2-mod-auth-openidc packages.

    For the detailed security status of libapache2-mod-auth-openidc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libapache2-mod-auth-openidc

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgdG3kACgkQEMKTtsN8 Tja/nQ//W1J+O131LOmE7lA9J8WBn5SmZAjZityDC4ZzlbwPxTW1uZKtwyNORYQJ J/SDmRErQ3Hk82ZenE1LY5/GyBEUk9FcmQmol0BolQcqsa6mEuQXByoYxm+ioK6j V1cxEGBBYJSQrzy2jP87WYyRp2MI+6rNpMALivOIHt6vTb7IA+pdsQ9uHaiPWEk6 9+I/bt2lCvoPmt5Az4EJMA0/CLinMGFD1QvJ1RjWpwnfJsBF1WKeTgGZ+KxxtdIX Ia7l4625N+KQ5mITHI68m0H1RLbJXsODYrZPOhxyXX1UuAI55tE1jWhqtHBx1HRr jQDvLDkQyTPLVYPG16kkIS06UhBPqyMhBXJd1ntn35PR8jjinrpFubKiUoC1llY4 scq/sCTjFZOGhR2BJgmIcZCk5aCwf6VzYVexMLyBCQZslPcrUur/WtQeHAmQH1s4 tBPS32Mpy6MfIe+i+IE8sBAUOq5CuxiHy/QxSPunJZIOj9mMfjEr61z8LOTYyvG3 Z6pn0Z6ckKf+DzvQYUJt33sWec5MK9mB9eWlLvukw+ImJ4swzVRjAIzjZavPw0fl 6xIloY6DKWALDcg4v1m2R0+l858UKrKsgbP+9FFggIe6+oTpkGANiJLXNk7MkW5L c97Y3hMO4r3c/1RLVQXTfn257n2mH1+jWOZdwhu0J7/94oGTccM=
    =GWXH
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)