Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:029)
Medium Nessus Plugin ID 66043
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in apache-mod_security :
ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 (released on2012-10-16) (CVE-2012-4528).
The updated packages have been patched to correct this issue.
NOTE: This advisory was previousely given the MDVSA-2013:016 identifier by mistake.
SolutionUpdate the affected apache-mod_security and / or mlogc packages.