Advisories ยป MGASA-2015-0184

Updated fcgi packages fix CVE-2012-6687

Publication date: 03 May 2015
Modification date: 03 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2012-6687

Description

Updated fcgi packages fix security vulnerability:

FCGI does not perform range checks for file descriptors before use of the
FD_SET macro.  This FD_SET macro could allow for more than 1024 total file
descriptors to be monitored in the closing state. This may allow remote
attackers to cause a denial of service (stack memory corruption, and infinite
loop or daemon crash) by opening many socket connections to the host and
crashing the service (CVE-2012-6687).
                

References

SRPMS

4/core