Ubuntu 22.04 LTS USN-6370-1 Moderate: ModSecurity Denial Of Service

Several security issues were fixed in ModSecurity.
==========================================================================
Ubuntu Security Notice USN-6370-1
September 14, 2023

modsecurity-apache vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in ModSecurity.

Software Description:
- modsecurity-apache: Tighten web applications security for Apache

Details:

It was discovered that ModSecurity incorrectly handled certain nested JSON
objects. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-42717)

It was discovered that ModSecurity incorrectly handled certain HTTP
multipart requests. A remote attacker could possibly use this issue
to bypass ModSecurity restrictions. (CVE-2022-48279)

It was discovered that ModSecurity incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause a
buffer overflow and a firewall failure. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-24021)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   libapache2-mod-security2        2.9.5-1ubuntu0.1~esm1

Ubuntu 20.04 LTS:
   libapache2-mod-security2        2.9.3-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   libapache2-mod-security2        2.9.2-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libapache2-mod-security2        2.9.0-1ubuntu0.1~esm1
   libapache2-modsecurity          2.9.0-1ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   libapache2-mod-security2        2.7.7-2ubuntu0.1~esm1
   libapache2-modsecurity          2.7.7-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6370-1
   CVE-2021-42717, CVE-2022-48279, CVE-2023-24021

Package Information:
   https://launchpad.net/ubuntu/+source/modsecurity-apache/2.9.3-1ubuntu0.1
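
The fixed versions listed above can be checked against a package inventory; the sketch below is an added example, not part of the Ubuntu notice or of ModSecurity. It implements Debian version ordering directly, because the `~esm1` suffix sorts before the same version without it and a plain string comparison gets that wrong. The host names and installed versions are constructed sample data.

```python
import re

# Fixed versions copied from the USN-6370-1 update instructions.
FIXED = {
    "22.04": {"libapache2-mod-security2": "2.9.5-1ubuntu0.1~esm1"},
    "20.04": {"libapache2-mod-security2": "2.9.3-1ubuntu0.1"},
    "18.04": {"libapache2-mod-security2": "2.9.2-1ubuntu0.1~esm1"},
    "16.04": {"libapache2-mod-security2": "2.9.0-1ubuntu0.1~esm1",
              "libapache2-modsecurity": "2.9.0-1ubuntu0.1~esm1"},
    "14.04": {"libapache2-mod-security2": "2.7.7-2ubuntu0.1~esm1",
              "libapache2-modsecurity": "2.7.7-2ubuntu0.1~esm1"},
}

def _order(s, i):
    """Debian sort weight of a non-digit char: '~' < end/digit < letters < others."""
    if i >= len(s) or s[i] in "0123456789":
        return 0
    return -1 if s[i] == "~" else ord(s[i]) + (0 if s[i].isalpha() else 256)

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        while _order(a, i) or _order(b, j):      # compare the non-digit runs
            if _order(a, i) != _order(b, j):
                return -1 if _order(a, i) < _order(b, j) else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):         # compare the digit runs as numbers
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def deb_compare(v1, v2):
    """Return <0, 0 or >0, following Debian's epoch:upstream-revision ordering."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(release, package, installed):
    """True if installed < fixed, False if patched, None if not in this notice."""
    fixed = FIXED.get(release, {}).get(package)
    return None if fixed is None else deb_compare(installed, fixed) < 0

# Constructed inventory rows (host, release, package, installed version).
INVENTORY = [("web1", "22.04", "libapache2-mod-security2", "2.9.5-1"),
             ("web2", "20.04", "libapache2-mod-security2", "2.9.3-1ubuntu0.1")]
UNPATCHED = [h for h, rel, pkg, ver in INVENTORY if needs_update(rel, pkg, ver)]
```

On a single host, `dpkg --compare-versions <installed> lt <fixed>` performs the same comparison.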
