Parent Directory
| 
Revision Log
MGASA-2013-0179
| 1 | type: security |
| 2 | subject: apache-mod_security new security issue CVE-2013-2765 |
| 3 | CVE: |
| 4 | - CVE-2013-2765 |
| 5 | src: |
| 6 | 2: |
| 7 | core: |
| 8 | - apache-mod_security-2.6.3-3.5.mga2 |
| 9 | 3: |
| 10 | core: |
| 11 | - apache-mod_security-2.7.4-1.mga3 |
| 12 | description: | |
| 13 | Updated apache-mod_security packages fix security vulnerability: |
| 14 | |
| 15 | When ModSecurity receives a request body with a size bigger than the |
| 16 | value set by the "SecRequestBodyInMemoryLimit" and with a |
| 17 | "Content-Type" that has no request body processor mapped to it, |
| 18 | ModSecurity will systematically crash on every call to |
| 19 | "forceRequestBodyVariable" (in phase 1) (CVE-2013-2765). |
| 20 | references: |
| 21 | - http://www.shookalabs.com/#advisory-cve-2013-2765 |
| 22 | - https://lists.fedoraproject.org/pipermail/package-announce/2013-June/107848.html |
| 23 | ID: MGASA-2013-0179 |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |