CVE-2010-3872: [SECURITY] Fedora 12 Update: mod_fcgid-2.3.6-1.fc12

The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to “untrusted FastCGI applications” and a “stack buffer overwrite.”

updates at fedoraproject.org
Tue Nov 16 23:15:03 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17474
2010-11-08 21:38:13
--------------------------------------------------------------------------------

Name        : mod_fcgid
Product     : Fedora 12
Version     : 2.3.6
Release     : 1.fc12
URL         : http://httpd.apache.org/mod_fcgid/
Summary     : FastCGI interface module for Apache 2
Description :
mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi. mod_fcgid has a new process management strategy, which concentrates on reducing the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon as possible.


Update Information:

This update to the current upstream maintenance release includes a fix for a possible stack buffer overwrite (CVE-2010-3872).

It also changes the default value of FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements.

Other changes are described in CHANGES-FCGID document included in the package.

ChangeLog:

* Thu Nov 4 2010 Paul Howarth <paul at city-fan.org> 2.3.6-1
  • Update to 2.3.6 (see CHANGES-FCGID for full details)
    • Fix possible stack buffer overwrite (CVE-2010-3872)
    • Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements
    • Correct a problem that resulted in FcgidMaxProcesses being ignored in some situations
    • Return 500 instead of segfaulting when the application returns no output
  • Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it
  • Explicitly require /bin/sed for fixconf script

* Tue Jun 8 2010 Paul Howarth <paul at city-fan.org> 2.3.5-2
  • SELinux policy module not needed for RHEL-6 onwards

* Wed Jan 27 2010 Paul Howarth <paul at city-fan.org> 2.3.5-1
  • Update to 2.3.5 (see CHANGES-FCGID for details)
  • Drop upstream svn patch

This update can be installed with the "yum" update program. Use su -c 'yum update mod_fcgid' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
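The bug class the CVE description names, pointer arithmetic that is not bytewise while a FastCGI record header is assembled in a stack buffer, as an added C illustration. This is not mod_fcgid's fcgid_header_bucket_read or any other code from the project or from Fedora; the FCGI_Header layout follows the FastCGI specification, while the reader context, the function names and the constructed fragments are hypothetical. The buggy destination is computed and returned rather than written to, because the overwrite itself is undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FastCGI record header: 8 bytes on the wire, per the FastCGI specification. */
typedef struct {
    uint8_t version;
    uint8_t type;
    uint8_t requestIdB1;
    uint8_t requestIdB0;
    uint8_t contentLengthB1;
    uint8_t contentLengthB0;
    uint8_t paddingLength;
    uint8_t reserved;
} FCGI_Header;

#define FCGI_HEADER_LEN 8

/* Hypothetical reader state (not mod_fcgid's): the header is assembled into a
 * struct living in the caller's stack frame; `have` counts bytes received so far. */
typedef struct {
    FCGI_Header *header;
    size_t have;
} header_ctx;

/* The bug class: advancing a FCGI_Header* by `have` steps in units of
 * sizeof(FCGI_Header), not bytes. With a single header on the stack, any
 * `have` >= 1 points entirely past the 8-byte struct, so a following memcpy
 * would overwrite whatever the compiler placed after it. A scratch array keeps
 * the pointer arithmetic itself well-defined so the offset can be measured. */
size_t buggy_dest_offset(size_t have) {
    FCGI_Header scratch[FCGI_HEADER_LEN + 1];
    FCGI_Header *dest = scratch + have;                 /* typed pointer: scaled */
    return (size_t)((unsigned char *)dest - (unsigned char *)scratch);
}

/* Hardened append: bytewise arithmetic plus an explicit room check. Copies at
 * most the bytes still missing from the header and returns how many it took;
 * anything left over in `in` belongs to the record body, not the header. */
size_t header_append(header_ctx *ctx, const unsigned char *in, size_t len) {
    if (ctx->have >= FCGI_HEADER_LEN)
        return 0;                                       /* header already complete */
    size_t room = FCGI_HEADER_LEN - ctx->have;
    size_t n = len < room ? len : room;
    unsigned char *dest = (unsigned char *)ctx->header + ctx->have; /* bytewise */
    memcpy(dest, in, n);
    ctx->have += n;
    return n;
}

/* Feed the header to the reader in arbitrary fragments, as an application's
 * output may arrive. Returns the record's contentLength once all 8 bytes are
 * in place, or -1 if the fragments did not complete the header. */
int parse_fragmented(const unsigned char *const frags[], const size_t lens[],
                     size_t nfrags, FCGI_Header *out) {
    header_ctx ctx = { out, 0 };
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < nfrags; i++)
        header_append(&ctx, frags[i], lens[i]);
    if (ctx.have != FCGI_HEADER_LEN)
        return -1;
    return (out->contentLengthB1 << 8) | out->contentLengthB0;
}

int main(void) {
    /* Constructed sample: FCGI_STDOUT (type 6), request id 1, contentLength 300,
     * paddingLength 4, delivered as 3 + 2 + 3 bytes. */
    const unsigned char f0[] = { 1, 6, 0 };
    const unsigned char f1[] = { 1, 0x01 };
    const unsigned char f2[] = { 0x2c, 4, 0 };
    const unsigned char *const frags[] = { f0, f1, f2 };
    const size_t lens[] = { 3, 2, 3 };
    FCGI_Header hdr;

    printf("typed-pointer destination after 3 bytes: offset %zu into an 8-byte header\n",
           buggy_dest_offset(3));
    int content_len = parse_fragmented(frags, lens, 3, &hdr);
    printf("bytewise reassembly: contentLength=%d paddingLength=%u\n",
           content_len, hdr.paddingLength);
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run: the struct-stepped pointer lands 24 bytes in after three header bytes, entirely past an 8-byte header on the stack, while the byte-stepped reader lands at byte 3 and reassembles the record correctly. In this model the FastCGI application chooses how its output is fragmented, which is why a reader that mis-scales on partial headers is exposed to untrusted applications rather than to remote clients directly.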

