From Mageia wiki
MGASA-2012-0158
| Date: | July 10th, 2012 |
| Affected releases: | 2 |
Description:
Updated apache-mod_security package fixes security vulnerability:
Qualys Vulnerability & Malware Research Labs discovered a
vulnerability in ModSecurity, a security module for the Apache webserver.
In situations where both "Content:Disposition: attachment" and
"Content-Type: multipart" were present in HTTP headers, the vulnerability
could allow an attacker to bypass policy and execute cross-site script
(XSS) attacks through properly crafted HTML documents (CVE-2012-2751).
Updated Packages:
apache-mod_security-2.6.3-3.2.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2751
http://www.debian.org/security/2012/dsa-2506
https://bugs.mageia.org/show_bug.cgi?id=6678
