stable

mod_security-2.7.1-3.el6 and mod_security_crs-2.2.6-3.el6

FEDORA-EPEL-2012-13478 created by athmane 11 years ago for Fedora EPEL 6
  • Update to 2.7.1
  • Update Core rules set to 2.2.6
  • Fix build against libxml2 >= 2.9 (upstreamed)
  • Add some missing directives RHBZ #569360
  • Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)

This update has been submitted for testing by athmane.

11 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

11 years ago

This update has been pushed to testing

11 years ago
User Icon philipp commented & provided feedback 11 years ago
karma

Using it here. Had to add an 'id' field to my local SecRule entries to get them to work with this update, however. Previously wasn't required.

User Icon jens provided feedback 11 years ago
karma
User Icon jens commented & provided feedback 11 years ago
karma

Using it as well. Works good, but I had to remove a line from scanners.dat, because yum uses a User-Agent with grabber in the name.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

11 years ago

This update has been submitted for stable by athmane.

10 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
11 years ago
in testing
11 years ago
in stable
10 years ago
BZ#569360 The default configuration in v2.5.12 is missing important settings
0
0
BZ#867424 CVE-2012-4528 mod_security: multipart/invalid part ruleset bypass
0
0
BZ#867773 mod_security: multipart/invalid part ruleset bypass [fedora-all]
0
0
BZ#867774 mod_security: multipart/invalid part ruleset bypass [epel-all]
0
0

Automated Test Results