[SECURITY] [DLA 4212-1] modsecurity-apache security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4212-1] modsecurity-apache security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 9 Jun 2025 16:11:44 +0300
Message-id: <[🔎] aEbdkN7aCsflF3Fk@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4212-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 09, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : modsecurity-apache
Version        : 2.9.3-3+deb11u4
CVE ID         : CVE-2025-48866
Debian Bug     : 1107196

DoS with sanitiseArg/sanitizeArg has been fixed in modsecurity-apache,
a module for the Apache webserver to tighten Web application security.

For Debian 11 bullseye, this problem has been fixed in version
2.9.3-3+deb11u4.

We recommend that you upgrade your modsecurity-apache packages.

For the detailed security status of modsecurity-apache please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/modsecurity-apache

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmhG3YwACgkQiNJCh6LY
mLEDOg/5AfCD5oXLILedEJypJ5B5OwO5LelthyRFBBObV6/qwjrr2Gn31hVE2gMg
4R5tA/CNSqfMvyU9DlS3s9QmZ4sAkLO8LGyYEilI3zZroR0rx1Q5UFnSA7zzqfeK
CuyH8a4qLuadwcaIUehhwKfWcCL0wdMl2yis2i9lpKAT4VEDi6bQ6ukENElUazgY
DC1jaWGHt916TGS+B+JbR3MXTAGxnNMU+RBkgR+6cdjY8IPjVJTOOsRhWELblb9C
52uum3XY+wRw7ze2N0xNt6HLwiIdTiqJldOL6w+L9AK9Pz023gA0MG7l3TW+xxLv
CCbDwyWIbSIbz2VzCS+t1cF8b4VuPbIJ6NIgCx63pqHgMrIh/ZEIgdsvpuPmVxCY
5dCMzA0iqWuE/VhcQUy20imDiaufCaoRFKjEgg8h07CndmHet8ttgrQs2z5InDar
/sCYVe8s+sXT/NA6AqrXNvF7FFvILF7GC75gs7fqufv9zKSYiBKdZWq1IDfelQRE
2hOO5yqMREKPJf/K+jdhHA6u1Yewx0j12Zwq6Ko4iYtJgf806BYFK6z9DQpFT+hk
2b1tznvCLvS5HVIJVThb9oQz43Po6/ruiG3ZsNd52en2poUNZFP1fReXYJSvas71
FOgQpyQOjDoGAytlz6RMy5FFvi8UIoTZ3WpZH3hTVJxK8+NHTTY=
=vJC8
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4211-1] roundcube security update
Next by Date: [SECURITY] [DLA 4210-1] python-django security update
Previous by thread: [SECURITY] [DLA 4211-1] roundcube security update
Next by thread: [SECURITY] [DLA 4210-1] python-django security update
Index(es):
- Date
- Thread