Fedora 9 FEDORA-2009-2654 Critical Mod_Security DoS Threat Fix

ModSecurity is an open source intrusion detection and prevention engine

for web applications. It operates embedded into the web server, acting

as a powerful umbrella - shielding web applications from attacks.

Security fixes for potential denials of service when using PDF XSS protection as

well as when parsing multipart requests.

;group_id=68846

* Thu Mar 12 2009 Michael Fleming 2.5.9-1

- Update to upstream release 2.5.9

- Fixes potential DoS' in multipart request and PDF XSS handling

* Mon Dec 29 2008 Michael Fleming 2.5.7-1

- Update to upstream 2.5.7

- Reinstate mlogc

* Sat Aug 2 2008 Michael Fleming 2.5.6-1

- Update to upstream 2.5.6

- Remove references to mlogc, it no longer ships in the main tarball.

- Link correctly vs. libxml2 and lua (bz# 445839)

- Remove bogus LoadFile directives as they're no longer needed.

* Sun Apr 13 2008 Michael Fleming 2.1.7-1

- Update to upstream 2.1.7

su -c 'yum update mod_security' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/