Advisories » MGASA-2014-0180

Updated apache-mod_security packages fix security vulnerability

Publication date: 17 Apr 2014
Modification date: 17 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-5705

Description

Updated apache-mod_security packages fix security vulnerability:

Martin Holst Swende discovered a flaw in the way mod_security handled
chunked requests. A remote attacker could use this flaw to bypass 
intended mod_security restrictions, allowing them to send requests
containing content that should have been removed by mod_security
(CVE-2013-5705).
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131375.html
• https://bugs.mageia.org/show_bug.cgi?id=13215
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5705

SRPMS

3/core

• apache-mod_security-2.7.4-1.1.mga3

4/core

• apache-mod_security-2.7.5-2.1.mga4