1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4765-1] modsecurity security update

    From Moritz Muehlenhoff@21:1/5 to All on Fri Sep 18 19:30:01 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4765-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 18, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : modsecurity
    CVE ID : CVE-2020-15598

    Ervin Hegedues discovered that ModSecurity v3 enabled global regular
    expression matching which could result in denial of service. For
    additional information please refer to https://coreruleset.org/20200914/cve-2020-15598/

    For the stable distribution (buster), this problem has been fixed in
    version 3.0.3-1+deb10u2.

    We recommend that you upgrade your modsecurity packages.

    For the detailed security status of modsecurity please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/modsecurity

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9k7KYACgkQEMKTtsN8 TjaASRAAjGXTK61FOxon1L5CmULhQfAKCt82t15651wNNV1MHblhEMgsi3V2Hs0Y r5y4bdYhAFSyLRm+xqbFOUIury7Wwg8l7xBvdsNEvIaWDjwsZ0bDpxbqXrDK+jGQ Z/Xe20+V/CSvzjOJznsOw35+4/TxhhYyKQyyiaTARHe6Mq5HAKoLSj1qxts/b9yt rN6w/DID08Y8xWnyb5lFPw13xNDIbsBQd24Y7Nc2xoFsW0OHgudoAbL541hnqxty 37Dn3FcJWtE6DFxcwI+GW75uT9roN9Rftyj72rhU8F6bgoJbR4D8zki3aspIEoel pQvgCEktyk5F9pqKpYMhzeL3RjghrVXfrbiVglzfjzKWJf/MrEH/bryQ/o2FBz8B Pm8IRpJtSIVRry7Gu0wrMAapfEiPLCUR5YMaZ1UVfhtAxQZ3o3jGVn2UbqWjYgW5 likuT3d087Ug1w7upv3B79LbPIqQCLfd0o2wBsQq7gURIYAxUYctsCl2s/tyeNc3 ZK+IdAy5RGRd/MRyuBirhltv21hqhlUyfcUTsHPhRhWL8pY5n7ux2GUbNARK1gEG c7jRaTKTGYpO9tcmC4Wx022mfmHDnqegCv6wM4Wr4BoK4gf4yBQrdMsTBnLbX+b0 qM3d+lF+eep6uvBY105xe4E0T/DIljA7fMdiGRjaSyK8Bx0nxSk=
    =Uwvq
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)