User: Password:
Subscribe / Log in / New account

Fedora alert FEDORA-2010-17474 (mod_fcgid)

Subject:  [SECURITY] Fedora 12 Update: mod_fcgid-2.3.6-1.fc12
Date:  Tue, 16 Nov 2010 23:15:03 +0000
Message-ID:  <>
Archive-link:  Article, Thread

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-17474 2010-11-08 21:38:13 -------------------------------------------------------------------------------- Name : mod_fcgid Product : Fedora 12 Version : 2.3.6 Release : 1.fc12 URL : Summary : FastCGI interface module for Apache 2 Description : mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi. mod_fcgid has a new process management strategy, which concentrates on reducing the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon as possible. -------------------------------------------------------------------------------- Update Information: This update to the current upstream maintenance release includes a fix for a possible stack buffer overwrite (CVE-2010-3872). It also changes the default value of FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements. Other changes are described in CHANGES-FCGID document included in the package. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 4 2010 Paul Howarth <> 2.3.6-1 - Update to 2.3.6 (see CHANGES-FCGID for full details) - Fix possible stack buffer overwrite (CVE-2010-3872) - Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements - Correct a problem that resulted in FcgidMaxProcesses being ignored in some situations - Return 500 instead of segfaulting when the application returns no output - Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it - Explicitly require /bin/sed for fixconf script * Tue Jun 8 2010 Paul Howarth <> 2.3.5-2 - SELinux policy module not needed for RHEL-6 onwards * Wed Jan 27 2010 Paul Howarth <> 2.3.5-1 - Update to 2.3.5 (see CHANGES-FCGID for details) - Drop upstream svn patch -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mod_fcgid' at the command line. For more information, refer to "Managing Software with yum", available at All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds