Package: libapache2-mod-security2 Version: 2.9.3-2 Severity: normal Dear Maintainer,
When SecRemoteRules are configured, Apache segfaults. Removing the SecRemoteRules configuration lines resolves the problem. This appears to be a known issue in modsecurity 2.9.3 - https://github.com/SpiderLabs/ModSecurity/issues/1982 with an available patch there to fix this. https://github.com/SpiderLabs/ModSecurity/commit/52532a1bce0b705c0aa4365fecf727b836d37f00 -- System Information: Debian Release: 10.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libapache2-mod-security2 depends on: ii apache2-bin [apache2-api-20120211] 2.4.46-1~bpo10+1 ii libapr1 1.6.5-1+b1 ii libaprutil1 1.6.1-4 ii libc6 2.28-10 ii libcurl3-gnutls 7.64.0-4+deb10u1 ii liblua5.1-0 5.1.5-8.1+b2 ii libpcre3 2:8.39-12 ii libxml2 2.9.4+dfsg1-7+b3 ii libyajl2 2.1.0-3 Versions of packages libapache2-mod-security2 recommends: ii modsecurity-crs 3.1.0-1+deb10u1 libapache2-mod-security2 suggests no packages. -- no debconf information
