-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0490
                    modsecurity-apache security update
                              27 January 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           modsecurity-apache
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-24021 CVE-2022-48279 CVE-2022-39956

Original Bulletin:
   http://www.debian.org/lts/security/2023/dla-3283

Comment: CVSS (Max):  9.8 CVE-2022-39956 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: [NVD], Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3283-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
January 26, 2023                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package        : modsecurity-apache
Version        : 2.9.3-1+deb10u2
CVE ID         : CVE-2022-48279 CVE-2023-24021
Debian Bug     : 1029329

Multiple issues were found in modsecurity-apache, an open source, cross-platform
web application firewall (WAF) engine for Apache, which allow remote attackers
to bypass the application firewall and have other unspecified impact.

CVE-2022-48279

    In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests
    were incorrectly parsed and could bypass the Web Application Firewall.
    NOTE: this is related to CVE-2022-39956 but can be considered independent
    changes to the ModSecurity (C language) codebase.
CVE-2023-24021

    Incorrect handling of null bytes in file uploads in ModSecurity before
    2.9.7 may allow for Web Application Firewall bypasses and buffer overflows
    on the Web Application Firewall when executing rules reading the
    FILES_TMP_CONTENT collection.

For Debian 10 buster, these problems have been fixed in version
2.9.3-1+deb10u2.

We recommend that you upgrade your modsecurity-apache packages.

For the detailed security status of modsecurity-apache please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/modsecurity-apache

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT
did not write the document quoted above, AusCERT has had no control over its
content. The decision to follow or act on information or advice contained in
this security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies and
procedures.

AusCERT takes no responsibility for consequences which may arise from following
or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be
updated when updates to the original are made. If downloading at a later date,
it is recommended that the bulletin is retrieved directly from the author's
website to ensure that the information is still current.

Contact information for the authors of the original document is included in the
Security Bulletin above. If you have any questions or need further information,
please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.