ELA-1529-1 modsecurity-apache security update

cross-site scripting

2025-09-30
Packagemodsecurity-apache
Version2.9.3-3+deb11u5~deb10u1 (buster)
Related CVEs CVE-2025-54571


Cross-site scripting due to insufficient return value handling has been fixed in modsecurity-apache, a module for the Apache webserver to tighten Web application security.



For Debian 10 buster, these problems have been fixed in version 2.9.3-3+deb11u5~deb10u1.

We recommend that you upgrade your modsecurity-apache packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.