Folks,

In response to CVE-2007-1359 (and https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728) I am considering updating mod_security on all currently supported branches from the current 1.9.4 to 2.1.0 (with a local rule to fix the reported vulnerability until upstream releases 2.1.1 final).

I'm taking this route because a) Ivan (Ristic, mod_security developer) hasn't backported any fixes to the 1.9 branch as yet and b) the newer versions are more flexible, can perform more tasks and are considerably quicker than older releases. It also contains a fairly broad set of default "core" rules that cover a fair range of common attacks and other bogosity.

However, the rules syntax has changed considerably and the default config is somewhat different, meaning that upgrades may not be as smooth and automatic as some may like, especially those who've added lots of extra rules (homegrown, gotroot.org etc.) or have otherwise tinkered with the config considerably. That being said, if you simply used my original, spartan as-packaged configuration you may get away with only minimal changes.

I've already installed one on my own server (FC5/i386) and it's been fairly painless thus far - but YMMV.

Therefore rather than simply jam it all into CVS immediately and wait for the pitchfork brigade to arrive at my door, I've put up some test packages for FC5 and FC6 for feedback prior to an official Extras build. They can be found here:

http://www.enlartenment.com/modsecurity/

Folks on PPC and/or Rawhide can of course build from source, I'd be interested in any results on those platforms (as I don't have either at the moment.)

Feedback / better ideas / fixes etc. always welcomed.

Michael Fleming.

--
Michael Fleming <mfleming@xxxxxxxxxxxxxxxx> in Brisbane, Australia
"Be master of your mind, not mastered by mind"