mod_security-2.9.6-2.el9_6.1

Errata ID: AXSA:2025-10705:03

Release date: Thursday, August 7, 2025 - 15:28
Subject: mod_security-2.9.6-2.el9_6.1
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

ModSecurity is an open source intrusion detection and prevention engine for web applications.

Security Fix(es):

* mod_security: ModSecurity Denial of Service Vulnerability (CVE-2025-48866)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-48866
ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` action (and its alias `sanitizeArg`, which is the same action) is vulnerable to the addition of an excessive number of arguments, leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.
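To apply the workaround you first need to know which loaded rules use the action. The following is an added example, not code from this advisory or from the ModSecurity project: it scans rule text for `sanitiseArg`/`sanitizeArg`, folding backslash-continued lines and skipping commented-out rules. The function names and sample rules are constructed for illustration, and the case-insensitive match is a deliberately conservative assumption.

```python
import re
import shlex

# ModSecurity v2 directives that can carry an action list.
DIRECTIVES = ("secrule", "secaction", "secdefaultaction", "secruleupdateactionbyid")
ACTION_RE = re.compile(r"\bsaniti[sz]eArg\s*:\s*([^,]+)", re.IGNORECASE)
ID_RE = re.compile(r"\bid\s*:\s*'?(\d+)", re.IGNORECASE)

# Constructed sample rules (not taken from the advisory).
SAMPLE = r'''
# SecRule ARGS "@rx x" "id:1000,phase:2,pass,sanitiseArg:old"
SecRule ARGS:password "@rx .+" "id:1001,phase:5,pass,nolog,sanitiseArg:password"
SecRule REQUEST_URI "@beginsWith /login" \
    "id:1002,phase:2,pass,nolog,\
    sanitizeArg:token"
SecRule ARGS "@rx ^\d+$" "id:1003,phase:2,pass,nolog,sanitiseMatched"
'''

def logical_lines(text):
    """Yield (first_line_number, joined_text), folding backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = no if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def find_sanitise_arg_rules(text):
    """Return [(line, rule_id or None, argument_name)] for rules using the action."""
    hits = []
    for no, line in logical_lines(text):
        if line.startswith("#") or not line.lower().startswith(DIRECTIVES):
            continue
        try:
            actions = shlex.split(line)[-1]  # the action list is the last argument
        except ValueError:
            actions = line                   # unbalanced quoting: scan the whole line
        m = ACTION_RE.search(actions)
        if m:
            rid = ID_RE.search(actions)
            hits.append((no, rid.group(1) if rid else None, m.group(1).strip(" '\"")))
    return hits

if __name__ == "__main__":
    print(find_sanitise_arg_rules(SAMPLE))
```

Run it over the contents of each rule file included by the Apache configuration; a rule id of `None` means the action sits in a directive that carries no `id` of its own, such as a chained rule or `SecRuleUpdateActionById`.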

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mod_security-2.9.6-2.el9_6.1.src.rpm
    MD5: 1784bd5f4db02bcb85364386251a4266
    SHA-256: 55e10acc72f372810770df43692552646eb8f8f491f46b49a8530ed80c430787
    Size: 4.12 MB

Asianux Server 9 for x86_64
  1. mod_security-2.9.6-2.el9_6.1.x86_64.rpm
    MD5: 35b5bf2000795bc81c8bbdbbae6272f8
    SHA-256: f06942bfbdf039390a806c5a908ed49aa414a151ee0acfa08f46a6b1271a7259
    Size: 274.19 kB
  2. mod_security-mlogc-2.9.6-2.el9_6.1.x86_64.rpm
    MD5: a0f2d6d0a9cb25c6df2f5f086c9c3918
    SHA-256: 3ff6e2da6b53eadde3106f02e3b9d39a5a79f3f69d7615940b98bfaaacab1593
    Size: 29.30 kB