Package name
apache-mod_security
Date
2013-04-29
Advisory ID
MDVSA-2013:156
Affected versions
MES5 i586, MBS1 x86_64, MES5 x86_64

Problem description

A vulnerability has been found and corrected in apache-mod_security:

ModSecurity before 2.7.3 allows remote attackers to read arbitrary
files, send HTTP requests to intranet servers, or cause a denial
of service (CPU and memory consumption) via an XML external entity
declaration in conjunction with an entity reference, aka an XML
External Entity (XXE) vulnerability (CVE-2013-1915).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 301f6d87bb0605dcfbae4ab94da0c32a  mes5/i586/apache-mod_security-2.5.12-0.4mdvmes5.2.i586.rpm
 d2336ca0da3dd8077819dee6abea2f6e  mes5/i586/mlogc-2.5.12-0.4mdvmes5.2.i586.rpm 
 472a4e549a187d2020b21ab930d81b13  mes5/SRPMS/apache-mod_security-2.5.12-0.4mdvmes5.2.src.rpm

MBS1 x86_64

 ce1e86534b8d33dafbdc2c25b8ec689b  mbs1/x86_64/apache-mod_security-2.6.3-5.2.mbs1.x86_64.rpm
 d125ba595ee374b31b6f91fed316f30e  mbs1/x86_64/mlogc-2.6.3-5.2.mbs1.x86_64.rpm 
 77a7cb951e047e046ce5b1517c843b9f  mbs1/SRPMS/apache-mod_security-2.6.3-5.2.mbs1.src.rpm

MES5 x86_64

 3b9b65c037b35917bf066b9a543d10fb  mes5/x86_64/apache-mod_security-2.5.12-0.4mdvmes5.2.x86_64.rpm
 edc3c3e1d31c5f0b2c204fc197d5e7b0  mes5/x86_64/mlogc-2.5.12-0.4mdvmes5.2.x86_64.rpm 
 472a4e549a187d2020b21ab930d81b13  mes5/SRPMS/apache-mod_security-2.5.12-0.4mdvmes5.2.src.rpm

References