[SECURITY] [DSA 5940-1] modsecurity-apache security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5940-1] modsecurity-apache security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 08 Jun 2025 20:28:36 +0000
Message-id: <[🔎] E1uOMdA-006OYj-JY@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5940-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 08, 2025                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : modsecurity-apache
CVE ID         : CVE-2025-47947 CVE-2025-48866
Debian Bug     : 1106286 1107196

Several vulnerabilities were discovered in modsecurity-apache, an Apache
module to tighten the Web application security, which may result in
denial of service (high memory consumption).

For the stable distribution (bookworm), these problems have been fixed in
version 2.9.7-1+deb12u1.

We recommend that you upgrade your modsecurity-apache packages.

For the detailed security status of modsecurity-apache please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/modsecurity-apache

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmhF8ldfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T45g//TXyl/dLjV5KUeko0p4FN+KT5YR9leXFy/Q0DmPgbBCiPBpq5vsZ9kq0G
O6VJlphDROIPNLEFm5qlaC8QXeMeUfvdg8IQdMD87W9XT1t8hGLWdt97BoyY4EWw
JWpvTfAKDOE4zuHvWgfWHoacvYoryPQM/WKzJ1vcb/xyFDcg8dUJ3Rd05lofTkMA
D3LbhFBxAAj76UNxZTSTexsQTIRQfa11zRXg+q3EZj1oKM9aogY/36ujGg+iyj7x
nueYtkj+BY0OFYFoUJ3qtUCJyNX1lwTpBHU+T2S1OTbfVIEOFaPD3zXuDdeljizK
AfmwAV3cQpb4W59lXDpmRz/2AaGFifVi0cfgOj9ScserIC/5Nkw0sDe/YGgMid0s
SGLxW+KLkPd8rKhLUgb420wCE6ecD+lZSJqFr0XdYzKkBwSZU4cozO4fZtGHEXqk
4yEhbI7EnivuiA7EL7VTE4CNBT4YLwww7oTIMNZPB86odMmFRJa4ZhiI/+UA2O4v
uckFaWJ8QAV/zpa+4fWmM+uo8lEn3GsclyRNcW9M1Sqalrbili2ZXyXkUmxz6Non
hktpoJySGyoBV6vw3VwdOzHYxbfdN+ombmQ15binszhXfIyHGfgd0X1mtLDAqshx
BmT8jO4s7Ltdfexk3ORnYyFTxrzruVh0G5GwPzjeU+Ip1okH5KQ=
=hhxN
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5939-1] gimp security update
Next by Date: [SECURITY] [DSA 5941-1] gst-plugins-bad1.0 security update
Previous by thread: [SECURITY] [DSA 5939-1] gimp security update
Next by thread: [SECURITY] [DSA 5941-1] gst-plugins-bad1.0 security update
Index(es):
- Date
- Thread