From Mageia wiki
Jump to: navigation, search

MGASA-2012-0158

Date: July 10th, 2012
Affected releases: 2


Description:
Updated apache-mod_security package fixes security vulnerability:

Qualys Vulnerability & Malware Research Labs discovered a
vulnerability in ModSecurity, a security module for the Apache webserver.
In situations where both "Content:Disposition: attachment" and
"Content-Type: multipart" were present in HTTP headers, the vulnerability
could allow an attacker to bypass policy and execute cross-site script
(XSS) attacks through properly crafted HTML documents (CVE-2012-2751).


Updated Packages:
apache-mod_security-2.6.3-3.2.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2751
http://www.debian.org/security/2012/dsa-2506
https://bugs.mageia.org/show_bug.cgi?id=6678