Advisories » MGASA-2015-0184

Updated fcgi packages fix CVE-2012-6687

Publication date: 03 May 2015
Modification date: 03 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2012-6687

Description

Updated fcgi packages fix security vulnerability:

FCGI does not perform range checks for file descriptors before use of the
FD_SET macro.  This FD_SET macro could allow for more than 1024 total file
descriptors to be monitored in the closing state. This may allow remote
attackers to cause a denial of service (stack memory corruption, and infinite
loop or daemon crash) by opening many socket connections to the host and
crashing the service (CVE-2012-6687).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15808
• https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156731.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6687

SRPMS

4/core

• fcgi-2.4.0-15.1.mga4