CVE-2021-32791

Name	CVE-2021-32791
Description	mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3409-1
Debian Bugs	991581

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libapache2-mod-auth-openidc (PTS)	bullseye	2.4.9.4-0+deb11u4	fixed
	bullseye (security)	2.4.9.4-0+deb11u3	fixed
	bookworm	2.4.12.3-2+deb12u2	fixed
	sid, trixie	2.4.16.5-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libapache2-mod-auth-openidc	source	buster	2.3.10.2-1+deb10u2		DLA-3409-1
libapache2-mod-auth-openidc	source	(unstable)	2.4.9-1			991581

Notes

[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9)