-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4765-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 18, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : modsecurity CVE ID : CVE-2020-15598 Ervin Hegedues discovered that ModSecurity v3 enabled global regular expression matching which could result in denial of service. For additional information please refer to https://coreruleset.org/20200914/cve-2020-15598/ For the stable distribution (buster), this problem has been fixed in version 3.0.3-1+deb10u2. We recommend that you upgrade your modsecurity packages. For the detailed security status of modsecurity please refer to its security tracker page at: https://security-tracker.debian.org/tracker/modsecurity Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9k7KYACgkQEMKTtsN8 TjaASRAAjGXTK61FOxon1L5CmULhQfAKCt82t15651wNNV1MHblhEMgsi3V2Hs0Y r5y4bdYhAFSyLRm+xqbFOUIury7Wwg8l7xBvdsNEvIaWDjwsZ0bDpxbqXrDK+jGQ Z/Xe20+V/CSvzjOJznsOw35+4/TxhhYyKQyyiaTARHe6Mq5HAKoLSj1qxts/b9yt rN6w/DID08Y8xWnyb5lFPw13xNDIbsBQd24Y7Nc2xoFsW0OHgudoAbL541hnqxty 37Dn3FcJWtE6DFxcwI+GW75uT9roN9Rftyj72rhU8F6bgoJbR4D8zki3aspIEoel pQvgCEktyk5F9pqKpYMhzeL3RjghrVXfrbiVglzfjzKWJf/MrEH/bryQ/o2FBz8B Pm8IRpJtSIVRry7Gu0wrMAapfEiPLCUR5YMaZ1UVfhtAxQZ3o3jGVn2UbqWjYgW5 likuT3d087Ug1w7upv3B79LbPIqQCLfd0o2wBsQq7gURIYAxUYctsCl2s/tyeNc3 ZK+IdAy5RGRd/MRyuBirhltv21hqhlUyfcUTsHPhRhWL8pY5n7ux2GUbNARK1gEG c7jRaTKTGYpO9tcmC4Wx022mfmHDnqegCv6wM4Wr4BoK4gf4yBQrdMsTBnLbX+b0 qM3d+lF+eep6uvBY105xe4E0T/DIljA7fMdiGRjaSyK8Bx0nxSk= =Uwvq -----END PGP SIGNATURE-----