Site Navigation:
security mod_security-2.7.1-3.el6, mod_security_crs-2.2.6-3.el6 security update
Status:stable
Release: Fedora EPEL 6
Update ID: FEDORA-EPEL-2012-13478
Builds: mod_security-2.7.1-3.el6 (logs)
mod_security_crs-2.2.6-3.el6 (logs)
Pushed: True
Date Submitted: 2012-11-15 10:07:42
Date Released: 2012-11-15 19:09:33
Submitter: athmane
Karma: 2
Details
  • Update to 2.7.1
  • Update Core rules set to 2.2.6
  • Fix build against libxml2 >= 2.9 (upstreamed)
  • Add some missing directives RHBZ #569360
  • Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
Bugs Fixed
867424 - CVE-2012-4528: mod_security: multipart/invalid part ruleset bypass
867773 - mod_security: multipart/invalid part ruleset bypass [fedora-all]
867774 - mod_security: multipart/invalid part ruleset bypass [epel-all]
569360 - The default configuration in v2.5.12 is missing important settings
Feedback
bodhi - 2012-11-15 10:08:11
This update has been submitted for testing by athmane.
bodhi - 2012-11-15 18:37:52
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2012-11-15 19:33:33
This update has been pushed to testing
philipp - 2012-11-15 21:46:48
Using it here. Had to add an 'id' field to my local SecRule entries to get them to work with this update, however. Previously wasn't required.
jens - 2012-11-16 08:16:27
jens - 2012-11-16 11:38:14
Using it as well. Works good, but I had to remove a line from scanners.dat, because yum uses a User-Agent with grabber in the name.
bodhi - 2012-11-29 22:05:05
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2012-12-12 23:39:29
This update has been submitted for stable by athmane.
bodhi - 2012-12-13 18:31:07
This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
bodhi - 2012-12-13 20:05:45
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters