[SECURITY] [DLA 4192-1] modsecurity-apache security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4192-1] modsecurity-apache security update
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 29 May 2025 23:59:33 +0300
Message-id: <[🔎] aDjKtZSEp2pS9CoA@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4192-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
May 29, 2025                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : modsecurity-apache
Version        : 2.9.3-3+deb11u3
CVE ID         : CVE-2025-47497
Debian Bug     : 1106286

DoS with sanitiseMatchedBytes has been fixed in modsecurity-apache,
a module for the Apache webserver to tighten Web application security.

For Debian 11 bullseye, this problem has been fixed in version
2.9.3-3+deb11u3.

We recommend that you upgrade your modsecurity-apache packages.

For the detailed security status of modsecurity-apache please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/modsecurity-apache

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmg4yrUACgkQiNJCh6LY
mLErBBAAqYep49NLC8g7c68E9yjItiNFEkCWWDORO8txRqLx2IN3XjMzkgd9xJ+h
TY/AhWD0iiGbMHNh8eVtCi3i1O/yHLcRDqL8l00iQxFG2Z08CbKsgRTAf0gbUKZO
O9aPWCoasK4duBctHT1Yl25VvziZlCs8MDQIjmLQs+fOSa1LpbjCJQewxMUkJ4mC
RB5SwvrgRMjJWDZshO9+xx023+zEkCzJzQa0z2i7VRM+kMOwZDIXf0pdYyq3Veon
UKwSFm9XvHEb2yL2uYkUmZ7DXdr+FoQSpLbsAxI2IYivOIFmzPO6GPzvQ2Xtz8QQ
/bu4P6sQL3NEodDF+rhCVaTOvwbLbXKIxO0hUhlJsUr1480k/NRDQwllGRen582H
rcFu3ZJwFMApuEw4TEu70iAMbotu3R21vVWcPqtHWdE4KrC5l2Xrr9mDuG+oEUFg
ZIdw9nuzq4Uw0d4kV30yfqmYfZKtwE7KtG8OuQZ0Dq3HaJpRIWyAFgZwRIQphXKV
TvOcUMdbyTsdJlzftuPmbEZs8pFQvJfcujh+mKdXHywkWvxe3aUr6O6kLoNSaYrM
XqssD1XF5pW0c0iVdqxW9CpyXdpQkE1kjopoTuAPYLLQ4+t6PydoyLLq3hzSw9v9
RkUZZ4fun5Q4DOBjJ5FYU4eM42R8aFVVfU0/nuyw2gcQKHSw3Co=
=dddV
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4191-1] firefox-esr security update
Next by Date: [SECURITY] [DLA 4193-1] linux-6.1 security update
Previous by thread: [SECURITY] [DLA 4191-1] firefox-esr security update
Next by thread: [SECURITY] [DLA 4193-1] linux-6.1 security update
Index(es):
- Date
- Thread