-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-90708b46e3 2022-10-15 21:18:33.579290 --------------------------------------------------------------------------------
Name : mod_security Product : Fedora 36 Version : 2.9.6 Release : 1.fc36 URL : http://www.modsecurity.org/ Summary : Security module for the Apache HTTP Server Description : ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks.
-------------------------------------------------------------------------------- Update Information:
- version update - security update -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 14 2022 Lubo�� Uhliarik luhliari@redhat.com - 2.9.6-1 - new version 2.9.6 * Wed Aug 31 2022 Lubo�� Uhliarik luhliari@redhat.com - 2.9.5-1 - new version 2.9.5 * Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 2.9.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2131316 - CVE-2022-39955 mod_security_crs: Multiple charsets defined in Content-Type header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2131316 [ 2 ] Bug #2131318 - CVE-2022-39956 mod_security_crs: Content-Type or Content-Transfer-Encoding MIME header fields abuse [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2131318 [ 3 ] Bug #2131320 - CVE-2022-39957 mod_security_crs: Charset accept header field resulting in response rule set bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2131320 [ 4 ] Bug #2131322 - CVE-2022-39958 mod_security_crs: Small range header leading to response rule set bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2131322 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-90708b46e3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------