Advisories » MGASA-2017-0203

Updated apache-mod_fcgid packages fix security vulnerability

Publication date: 13 Jul 2017
Modification date: 13 Jul 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1000104

Description

A remote attacker could have set the HTTP_PROXY environment variable of
CGI scripts (CVE-2016-1000104).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19237
• https://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000104

SRPMS

5/core

• apache-mod_fcgid-2.3.9-4.1.mga5