Fedora has issued an advisory on April 2:
https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131375.html

The issue was fixed upstream in 2.7.6.

Updated (to 2.7.7) package uploaded for Cauldron.

Patched packages uploaded for Mageia 3 and Mageia 4.

Advisory:
========================

Updated apache-mod_security packages fix security vulnerability:

Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security (CVE-2013-5705).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5705
https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131375.html
========================

Updated packages in core/updates_testing:
========================
apache-mod_security-2.7.4-1.1.mga3
mlogc-2.7.4-1.1.mga3
apache-mod_security-2.7.5-2.1.mga4
mlogc-2.7.5-2.1.mga4

from SRPMS:
apache-mod_security-2.7.4-1.1.mga3.src.rpm
apache-mod_security-2.7.5-2.1.mga4.src.rpm
Whiteboard: (none) => MGA3TOO
As previous updates for this, just checking it loads ok.

e.g.
# httpd -M 2>/dev/null |grep security
security_module (shared)
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Testing complete mga3 64 and mga4 32 & 64

# httpd -M 2>/dev/null | grep security
security2_module (shared)
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok
Testing complete mga3 32
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Advisory uploaded. Validating.

Could sysadmin please push to 3 & 4 updates?

Thanks
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0180.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED