A security update for modsecurity-crs has been issued for Debian GNU/Linux 11 (Bullseye) LTS to resolve several vulnerabilities related to SQL injections, rule set bypasses, and response body bypasses. The advisory, identified as DLA-4265-1, was released on August 8, 2025, and is managed by Adrian Bunk.
The update addresses critical security issues identified by the following CVE IDs:
- CVE-2020-22669: SQL injection bypass
- CVE-2022-39955: Partial rule set bypass
- CVE-2022-39956: Partial rule set bypass
- CVE-2022-39957: Response body bypass
- CVE-2022-39958: Response body bypass
The latest version of modsecurity-crs, 3.3.4-1~deb11u1, has been released to correct these vulnerabilities. Users are strongly advised to upgrade their modsecurity-crs packages to enhance security.
For further details on the security status of modsecurity-crs, users can visit the Debian security tracker page. Additionally, information regarding Debian LTS security advisories, steps to apply updates, and answers to frequently asked questions can be found on the Debian wiki.
In light of these vulnerabilities, it is crucial for system administrators to stay informed about security updates and to implement them promptly to safeguard their systems against potential attacks. Regular monitoring of security advisories and updates is recommended to maintain the integrity and security of the Debian GNU/Linux environment.