2023-10-28
ALT-BU-2023-6704-1
Branch sisyphus_e2k update bulletin.
Package modsecurity updated to version 3.0.10-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2023-04-28
Modified: 2025-01-31
Modified: 2025-01-31
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-07-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
- https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
- https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
Package libtorrent-rasterbar updated to version 2.0.9-alt1 for branch sisyphus_e2k.
Closed bugs
BR: собрать новую версию 2.0.9