perl-FCGI-0.79-8.1.el9_6

エラータID: AXSA:2025-10601:01

Release date: 
Friday, July 25, 2025 - 18:10
Subject: 
perl-FCGI-0.79-8.1.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

FastCGI Perl bindings.

Security Fix(es):

* perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library (CVE-2025-40907)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-40907
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Solution: 

Update packages.

CVEs: 
CVE-2025-40907
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Additional Info: 

N/A

Download: 

SRPMS
  1. perl-FCGI-0.79-8.1.el9_6.src.rpm
    MD5: aba2adc01228d294e909dac4bb8eb827
    SHA-256: b8b00d6f5052c9813e163a150709c3fc595f0d43ceff50cc9af2ba82f86c6412
    Size: 105.33 kB

Asianux Server 9 for x86_64
  1. perl-FCGI-0.79-8.1.el9_6.x86_64.rpm
    MD5: 2d25bd12a7f72cbc963369f6327564cc
    SHA-256: 097a7a12a44ea78ef2c5dde0984e2ddcd7c3cb02a92a76be3dc20cccf1e5191c
    Size: 46.14 kB