Advisories ยป MGASA-2013-0179

apache-mod_security new security issue CVE-2013-2765

Publication date: 26 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2765

Description

Updated apache-mod_security packages fix security vulnerability:

When ModSecurity receives a request body with a size bigger than the
value set by the "SecRequestBodyInMemoryLimit" and with a
"Content-Type" that has no request body processor mapped to it,
ModSecurity will systematically crash on every call to
"forceRequestBodyVariable" (in phase 1) (CVE-2013-2765).
                

References

SRPMS

3/core

2/core