|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0089 (perl-FCGI)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0089: Updated perl-FCGI packages fix CVE-2012-6687 


Date:
    	      Wed, 2 Mar 2016 19:29:21 +0100


Message-ID:
    	      <20160302182921.69F6F9F698@duvel.mageia.org>


MGASA-2016-0089 - Updated perl-FCGI packages fix CVE-2012-6687

Publication date: 02 Mar 2016
URL: http://advisories.mageia.org/MGASA-2016-0089.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2012-6687

Description:
Updated fcgi packages fix security vulnerability:

FCGI does not perform range checks for file descriptors before use of the
FD_SET macro.  This FD_SET macro could allow for more than 1024 total file
descriptors to be monitored in the closing state. This may allow remote
attackers to cause a denial of service (stack memory corruption, and infinite
loop or daemon crash) by opening many socket connections to the host and
crashing the service (CVE-2012-6687).

References:
- https://bugs.mageia.org/show_bug.cgi?id=17823
- http://lwn.net/Alerts/677312/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6687

SRPMS:
- 5/core/perl-FCGI-0.770.0-4.1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds