it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5940-1] modsecurity-apache security update
- Date: Sun, 08 Jun 2025 20:28:36 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1uOMdA-006OYj-JY AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=A3rzWtfKQH8pl+FDv4hsSRtR+iglwJ+ZPDzIotfNrxs=; b=rV L2woRJrmWID1FKXJSIBgZoHjX0HTAK9kUNP2yNDXMYj48KV43fpn8gIWc6HepUgHAJLXG8JJnYwwq lCveCJQ29g8LCvEHMS2Wzip+wYVsnXEtNXT40wvg8/6aXrjxZSq6QTPoTe7idkBiOkqACrj0sI0Va dPIyYI2QBir4k7nJdI9CSK4maHOA1t2i/9CbkPDB/YYgc8VD+Dqaq/heDqjR+IM5/MUn4DUhcNyA4 IYo+768L3ksBhJRg79spiYlyr7fsU/uyRNQTtsNQncpU5K6vltKi/uIG/HH9Dz9gAH04T32QlZ3cr lUq/0be3bgc/pNFW3o+kp2i/GgT7UNGw==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 8 Jun 2025 20:29:02 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <-pxLAMY6h2E.A.WwqE.OKfRoB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5940-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : modsecurity-apache
CVE ID : CVE-2025-47947 CVE-2025-48866
Debian Bug : 1106286 1107196
Several vulnerabilities were discovered in modsecurity-apache, an Apache
module to tighten the Web application security, which may result in
denial of service (high memory consumption).
For the stable distribution (bookworm), these problems have been fixed in
version 2.9.7-1+deb12u1.
We recommend that you upgrade your modsecurity-apache packages.
For the detailed security status of modsecurity-apache please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/modsecurity-apache
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmhF8ldfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T45g//TXyl/dLjV5KUeko0p4FN+KT5YR9leXFy/Q0DmPgbBCiPBpq5vsZ9kq0G
O6VJlphDROIPNLEFm5qlaC8QXeMeUfvdg8IQdMD87W9XT1t8hGLWdt97BoyY4EWw
JWpvTfAKDOE4zuHvWgfWHoacvYoryPQM/WKzJ1vcb/xyFDcg8dUJ3Rd05lofTkMA
D3LbhFBxAAj76UNxZTSTexsQTIRQfa11zRXg+q3EZj1oKM9aogY/36ujGg+iyj7x
nueYtkj+BY0OFYFoUJ3qtUCJyNX1lwTpBHU+T2S1OTbfVIEOFaPD3zXuDdeljizK
AfmwAV3cQpb4W59lXDpmRz/2AaGFifVi0cfgOj9ScserIC/5Nkw0sDe/YGgMid0s
SGLxW+KLkPd8rKhLUgb420wCE6ecD+lZSJqFr0XdYzKkBwSZU4cozO4fZtGHEXqk
4yEhbI7EnivuiA7EL7VTE4CNBT4YLwww7oTIMNZPB86odMmFRJa4ZhiI/+UA2O4v
uckFaWJ8QAV/zpa+4fWmM+uo8lEn3GsclyRNcW9M1Sqalrbili2ZXyXkUmxz6Non
hktpoJySGyoBV6vw3VwdOzHYxbfdN+ombmQ15binszhXfIyHGfgd0X1mtLDAqshx
BmT8jO4s7Ltdfexk3ORnYyFTxrzruVh0G5GwPzjeU+Ip1okH5KQ=
=hhxN
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5940-1] modsecurity-apache security update, Salvatore Bonaccorso, 08.06.2025
Archiv bereitgestellt durch MHonArc 2.6.19+.