Very important for Linux system administrators who use Apache! (: <br clear="all"><div style="text-align:center;font-family:verdana,sans-serif"><div style="text-align:right"><div style="text-align:left"><div style="text-align:left">
<font size="1"><span style="font-variant:normal;font-family:verdana,sans-serif"><p style="text-align:center">
</p></span></font></div><div style="text-align:center;font-family:verdana,sans-serif"></div></div></div></div><div style="text-align:center"><div style="text-align:left"><font size="1"><span style="font-family:verdana,sans-serif"><i>Regards, Kembolle Amilkar </i></span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">#/</span><span style="font-family:verdana,sans-serif">[ <a href="http://www.kembolle.com.br" target="_blank">kembolle.com.br</a> ] - Information Security Consulting. </span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">#/ [ <a href="http://samurayconsultoria.com.br" target="_blank">samurayconsultoria.com.br</a> ] - Chief Security Officer - Samuray Consultoria. </span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">#/ Systems Analyst | Esp. Information Security | Computer Forensic Expert | </span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">#/ OWASP Chapter Leader Cuiabá - <a href="https://www.owasp.org/index.php/Cuiaba" target="_blank">https://www.owasp.org/index.php/Cuiaba</a></span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">#/ Mobile: [65] 9979-2925  && contato[at]<a href="http://kembolle.com.br" target="_blank">kembolle.com.br</a>.</span></font></div><div style="text-align:left"><font style="font-family:verdana,sans-serif;color:rgb(153,153,153)" size="1"><b></b></font></div>
</div>
<br>
<br> <div class="gmail_quote">Subject: [Full-disclosure] [SECURITY] [DSA 2506-1] libapache-mod-security security update<br> <br>-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
<br>
- -------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2506-1                   <a href="mailto:security@debian.org">security@debian.org</a><br>
<a href="http://www.debian.org/security/" target="_blank">http://www.debian.org/security/</a>                         Yves-Alexis Perez<br>
July 02, 2012                          <a href="http://www.debian.org/security/faq" target="_blank">http://www.debian.org/security/faq</a><br>
- -------------------------------------------------------------------------<br>
<br>
Package        : libapache-mod-security<br>
Vulnerability  : modsecurity bypass<br>
Problem type   : remote<br>
Debian-specific: no<br>
CVE ID         : CVE-2012-2751<br>
Debian Bug     : #678529<br>
<br>
Qualys Vulnerability & Malware Research Labs discovered a vulnerability in<br>
ModSecurity, a security module for the Apache webserver. In situations where<br>
both 'Content-Disposition: attachment' and 'Content-Type: multipart' were<br>
present in HTTP headers, the vulnerability could allow an attacker to bypass<br>
policy and execute cross-site script (XSS) attacks through properly crafted<br>
HTML documents.<br>
<br>
For the stable distribution (squeeze), this problem has been fixed in<br>
version 2.5.12-1+squeeze1.<br>
<br>
For the testing distribution (wheezy), this problem has been fixed in<br>
version 2.6.6-1.<br>
<br>
For the unstable distribution (sid), this problem has been fixed in<br>
version 2.6.6-1.<br>
<br>
In testing and unstable distribution, the source package has been renamed to<br>
modsecurity-apache.<br>
<br>
We recommend that you upgrade your libapache-mod-security packages.<br>
<br>
Further information about Debian Security Advisories, how to apply<br>
these updates to your system and frequently asked questions can be<br>
found at: <a href="http://www.debian.org/security/" target="_blank">http://www.debian.org/security/</a><br>
<br>
Mailing list: <a href="mailto:debian-security-announce@lists.debian.org">debian-security-announce@lists.debian.org</a><br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</div><br>