Parent Directory | Revision Log
MGASA-2013-0179
1 | type: security |
2 | subject: apache-mod_security new security issue CVE-2013-2765 |
3 | CVE: |
4 | - CVE-2013-2765 |
5 | src: |
6 | 2: |
7 | core: |
8 | - apache-mod_security-2.6.3-3.5.mga2 |
9 | 3: |
10 | core: |
11 | - apache-mod_security-2.7.4-1.mga3 |
12 | description: | |
13 | Updated apache-mod_security packages fix security vulnerability: |
14 | |
15 | When ModSecurity receives a request body with a size bigger than the |
16 | value set by the "SecRequestBodyInMemoryLimit" and with a |
17 | "Content-Type" that has no request body processor mapped to it, |
18 | ModSecurity will systematically crash on every call to |
19 | "forceRequestBodyVariable" (in phase 1) (CVE-2013-2765). |
20 | references: |
21 | - http://www.shookalabs.com/#advisory-cve-2013-2765 |
22 | - https://lists.fedoraproject.org/pipermail/package-announce/2013-June/107848.html |
23 | ID: MGASA-2013-0179 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |