Home / mailings [SECURITY] [DSA 5940-1] modsecurity-apache security update
Posted on 08 June 2025
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-5940-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : modsecurity-apache
CVE ID : CVE-2025-47947 CVE-2025-48866
Debian Bug : 1106286 1107196
Several vulnerabilities were discovered in modsecurity-apache, an Apache
module to tighten the Web application security, which may result in
denial of service (high memory consumption).
For the stable distribution (bookworm), these problems have been fixed in
version 2.9.7-1+deb12u1.
We recommend that you upgrade your modsecurity-apache packages.
For the detailed security status of modsecurity-apache please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/modsecurity-apache
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
