apache2-mod_security2-2.9.12-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16518 Final 1 1 2025-08-18T00:00:00Z current 2025-08-18T00:00:00Z 2025-08-18T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z apache2-mod_security2-2.9.12-1.1 on GA media These are all security issues fixed in the apache2-mod_security2-2.9.12-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16518 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-54571/ SUSE CVE CVE-2025-54571 page openSUSE Tumbleweed apache2-mod_security2-2.9.12-1.1 apache2-mod_security2-2.9.12-1.1 as a component of openSUSE Tumbleweed ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12. CVE-2025-54571 openSUSE Tumbleweed:apache2-mod_security2-2.9.12-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-54571.html CVE-2025-54571 https://bugzilla.suse.com/1247674 SUSE Bug 1247674