Mageia 2023-0175: apache-mod_security security update | LinuxSecuri...

What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0175 - Updated apache-mod_security packages fix security vulnerability

Publication date: 21 May 2023
URL: https://advisories.mageia.org/MGASA-2023-0175.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-48279,
     CVE-2023-24021

HTTP multipart requests were incorrectly parsed and could bypass the Web
Application Firewall (CVE-2022-48279)
Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow
for Web Application Firewall bypasses and buffer over-reads on the Web
Application Firewall when executing rules that read the FILES_TMP_CONTENT
collection. (CVE-2023-24021)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31457
- https://www.debian.org/lts/security/2023/dla-3283
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24021

SRPMS:
- 8/core/apache-mod_security-2.9.7-1.mga8

Mageia 2023-0175: apache-mod_security security update

HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279) Incorrect handling of '\0' bytes in file uploads in ModSecurity may a...

Summary

HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279) Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. (CVE-2023-24021)

References

- https://bugs.mageia.org/show_bug.cgi?id=31457

- https://www.debian.org/lts/security/2023/dla-3283

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24021

Resolution

MGASA-2023-0175 - Updated apache-mod_security packages fix security vulnerability

SRPMS

- 8/core/apache-mod_security-2.9.7-1.mga8

Severity
Publication date: 21 May 2023
URL: https://advisories.mageia.org/MGASA-2023-0175.html
Type: security
CVE: CVE-2022-48279, CVE-2023-24021

Related News

PHP Vuln Threatens Confidentiality of Impacted Systems

Firewalld 1.3 Released With Easier Firewall Management For More Services

Linux 6.1 Continues Improving The RNG & Crypto Code

Red Hat Advances Enterprise Linux with Improved Podman Containers

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy