Package name
apache-mod_security
Date
2013-04-05
Advisory ID
MDVSA-2013:029
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been discovered and corrected in
apache-mod_security:

ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part
ruleset bypass, this was fixed in 2.7.0 (released on2012-10-16)
(CVE-2012-4528).

The updated packages have been patched to correct this issue.

NOTE: This advisory was previousely given the MDVSA-2013:016 identifier
by mistake.

Updated packages

MBS1 x86_64

 6714398ae22af2046fba7e8663a2232c  mbs1/x86_64/apache-mod_security-2.6.3-5.1.mbs1.x86_64.rpm
 90e899d7d4c77de101e46147e057e116  mbs1/x86_64/mlogc-2.6.3-5.1.mbs1.x86_64.rpm 
 a2f260a34533da0fdecb03b0a722c305  mbs1/SRPMS/apache-mod_security-2.6.3-5.1.mbs1.src.rpm

References