Advisories » MGASA-2016-0089

Updated perl-FCGI packages fix CVE-2012-6687

Publication date: 02 Mar 2016
Modification date: 02 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2012-6687

Description

Updated fcgi packages fix security vulnerability:

FCGI does not perform range checks for file descriptors before use of the
FD_SET macro.  This FD_SET macro could allow for more than 1024 total file
descriptors to be monitored in the closing state. This may allow remote
attackers to cause a denial of service (stack memory corruption, and infinite
loop or daemon crash) by opening many socket connections to the host and
crashing the service (CVE-2012-6687).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17823
• http://lwn.net/Alerts/677312/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6687

SRPMS

5/core

• perl-FCGI-0.770.0-4.1.mga5