modsecurity-apache 2.9.3-1ubuntu0.1 source package in Ubuntu
Changelog
modsecurity-apache (2.9.3-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2021-42717.patch: added support for configurable
limit on depth of JSON parsing.
* SECURITY UPDATE: firewall failure
- debian/patches/CVE-2022-48279.patch: fixed HTTP multipart parsing
and added and new MULTIPART_PART_HEADERS collection.
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-24021.patch: fixed incomplete content in
FILES_TMP_CONTENT.
-- Allen Huang <email address hidden> Wed, 13 Sep 2023 12:12:51 +0100
Upload details
- Uploaded by:
- Allen Huang
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- httpd
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | universe | httpd | |
| Focal | security | universe | httpd |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| modsecurity-apache_2.9.3.orig.tar.gz | 4.1 MiB | 4192019d169d3f1dd82cc4714db6986df54c6ceb4ee1c8f253de78d1a6b62118 |
| modsecurity-apache_2.9.3-1ubuntu0.1.debian.tar.xz | 13.8 KiB | 6dae25c3fd2c997862df54f6e8ef45ffec95331f71677e77a83d80de3afa8b23 |
| modsecurity-apache_2.9.3-1ubuntu0.1.dsc | 2.0 KiB | b705a26a8bd93e7be9917b5ef3e29a11baf13306247b6f086eced6c6936a9452 |
Available diffs
Binary packages built by this source
- libapache2-mod-security2: Tighten web applications security for Apache
Modsecurity is an Apache module whose purpose is to tighten the Web
application security. Effectively, it is an intrusion detection and prevention
system for the web server.
.
At the moment its main features are:
* Audit log; store full request details in a separate file, including POST
payloads.
* Request filtering; incoming requests can be analysed and offensive requests
can be rejected (or simply logged, if that is what you want). This feature
can be used to prevent many types of attacks (e.g. XSS attacks, SQL
injection, ...) and even allow you to run insecure applications on your
servers (if you have no other choice, of course).
- libapache2-mod-security2-dbgsym: debug symbols for libapache2-mod-security2
