[ MDVSA-2015:226 ] fcgi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:226
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : fcgi
 Date    : May 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated fcgi packages fix security vulnerability:
 
 FCGI does not perform range checks for file descriptors before use of
 the FD_SET macro.  This FD_SET macro could allow for more than 1024
 total file descriptors to be monitored in the closing state. This
 may allow remote attackers to cause a denial of service (stack memory
 corruption, and infinite loop or daemon crash) by opening many socket
 connections to the host and crashing the service (CVE-2012-6687).
 _______________________________________________________________________

007 Software

[ MDVSA-2015:226 ] fcgi

Leave a Reply Cancel reply

Software and Security Information