UbuntuUpdates.org

Package "libapache2-mod-security2"

Name: libapache2-mod-security2

Description:

Tighten web applications security for Apache

Latest version: 2.9.3-1ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: modsecurity-apache
Homepage: http://www.modsecurity.org/


Other versions of "libapache2-mod-security2" in Focal

Repository Area Version
base universe 2.9.3-1
updates universe 2.9.3-1ubuntu0.1

Changelog

Version: 2.9.3-1ubuntu0.1 2023-09-14 14:06:45 UTC

  modsecurity-apache (2.9.3-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2021-42717.patch: added support for configurable
      limit on depth of JSON parsing.
  * SECURITY UPDATE: firewall failure
    - debian/patches/CVE-2022-48279.patch: fixed HTTP multipart parsing
      and added a new MULTIPART_PART_HEADERS collection.
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-24021.patch: fixed incomplete content in
      FILES_TMP_CONTENT.

 -- Allen Huang <email address hidden> Wed, 13 Sep 2023 12:12:51 +0100

CVE-2021-42717 ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in th
CVE-2022-48279 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE
CVE-2023-24021 Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on


