Advisories » MGASA-2013-0179

apache-mod_security new security issue CVE-2013-2765

Publication date: 26 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2765

Description

Updated apache-mod_security packages fix security vulnerability:

When ModSecurity receives a request body with a size bigger than the
value set by the "SecRequestBodyInMemoryLimit" and with a
"Content-Type" that has no request body processor mapped to it,
ModSecurity will systematically crash on every call to
"forceRequestBodyVariable" (in phase 1) (CVE-2013-2765).
                

References

• http://www.shookalabs.com/#advisory-cve-2013-2765
• https://lists.fedoraproject.org/pipermail/package-announce/2013-June/107848.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765

SRPMS

2/core

• apache-mod_security-2.6.3-3.5.mga2

3/core

• apache-mod_security-2.7.4-1.mga3