Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora 36: FDA-2022-afa1e7b6c4 Critical: Libmodsecurity Request Body Bypass

Update to maintenance release 3.0.8. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-afa1e7b6c4 2022-10-24 14:08:49.147106 --------------------------------------------------------------------------------Name : libmodsecurity Product : Fedora 36 Version : 3.0.8 Release : 1.fc36 URL : https://modsecurity.org/ Summary : A library that loads/interprets rules written in the ModSecurity SecRules Description : Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity SecRules format and apply them to HTTP content provided by your application via Connectors. --------------------------------------------------------------------------------Update Information: Update to maintenance release 3.0.8 --------------------------------------------------------------------------------ChangeLog: * Sat Oct 15 2022 Othman Madjoudj - 3.0.8-1 - Update to maintenance release 3.0.8 * Thu Jul 21 2022 Fedora Release Engineering - 3.0.4-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2021301 - CVE-2021-35368 libmodsecurity: request body bypass via a trailing pathname [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2021301 [ 2 ] Bug #2113484 - libmodsecurity: FTBFS in Fedora rawhide/f37 https://bugzilla.redhat.com/show_bug.cgi?id=2113484 [ 3 ] Bug #2129200 - is libmodsecurity pkg still being maintained? https://bugzilla.redhat.com/show_bug.cgi?id=2129200 [ 4 ] Bug #2129515 - Non-responsive maintainer check for athmane https://bugzilla.redhat.com/show_bug.cgi?id=2129515 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-afa1e7b6c4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Fedora 36 introduces libmodsecurity version 3.0.8 to resolve a significant request body vulnerability. Ensure your security!. libmodsecurity update,Fedora 36,security compliance,open source security. . Severity: Critical. LinuxSecurity.com Team

Oct 24, 2022 •Critical Fedora