perl-FCGI:0.78 security update

Errata ID: AXSA:2025-10017:01

Release date: 
Monday, June 16, 2025 - 19:35
Subject: 
perl-FCGI:0.78 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The perl-FCGI package provides a Perl module for writing FastCGI applications.
FastCGI is a more efficient alternative to traditional CGI, as it keeps
application processes persistent across multiple requests. This module allows
Perl web applications to handle requests faster and with lower resource
overhead, making it suitable for high-traffic environments.

Security Fix(es):

* perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable
version of the FastCGI fcgi2 (aka fcgi) library (CVE-2025-40907)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2025-40907
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the
FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by
CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer
overflow) via crafted nameLen or valueLen values in data to the IPC socket. This
occurs in ReadParams in fcgiapp.c.

Modularity name: "perl-FCGI"
Stream name: "0.78"

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. perl-FCGI-0.78-12.module+el8+1885+d7384147.src.rpm
    MD5: 7bef3a3dd7d68c8e0e5f6870385e260d
    SHA-256: b71bf57b7c568c4a86c5fff6ce836958378c7f88a06be4607c4fd42019cbbb3c
    Size: 106.33 kB

Asianux Server 8 for x86_64
  1. perl-FCGI-0.78-12.module+el8+1885+d7384147.x86_64.rpm
    MD5: d14dcaecfc260567fe65de7672823083
    SHA-256: 89db93c533a4919f217923a1755b7b7392748d242c5f16880ede6bdc0068869a
    Size: 48.29 kB
  2. perl-FCGI-debugsource-0.78-12.module+el8+1885+d7384147.x86_64.rpm
    MD5: 4dc42783f5e5a9496f1710f8f004fd8b
    SHA-256: 927d94e09a6bc7e7146ad186b857e607a3ded351818a3cd56c48e6e093880019
    Size: 43.54 kB