libmodsecurity3-3.0.14-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16008 Final 1 1 2025-03-31T00:00:00Z current 2025-03-31T00:00:00Z 2025-03-31T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libmodsecurity3-3.0.14-1.1 on GA media These are all security issues fixed in the libmodsecurity3-3.0.14-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16008 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-27110/ SUSE CVE CVE-2025-27110 page openSUSE Tumbleweed libmodsecurity3-3.0.14-1.1 modsecurity-3.0.14-1.1 modsecurity-devel-3.0.14-1.1 libmodsecurity3-3.0.14-1.1 as a component of openSUSE Tumbleweed modsecurity-3.0.14-1.1 as a component of openSUSE Tumbleweed modsecurity-devel-3.0.14-1.1 as a component of openSUSE Tumbleweed Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available. CVE-2025-27110 openSUSE Tumbleweed:libmodsecurity3-3.0.14-1.1 openSUSE Tumbleweed:modsecurity-3.0.14-1.1 openSUSE Tumbleweed:modsecurity-devel-3.0.14-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-27110.html CVE-2025-27110 https://bugzilla.suse.com/1238061 SUSE Bug 1238061