perl-FCGI:0.78 security update
エラータID: AXSA:2025-10017:01
リリース日:
2025/06/16 Monday - 19:35
題名:
perl-FCGI:0.78 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- perl-FCGI には、整数オーバーフローの問題があるため、リモートの
攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-40907)
Modularity name: perl-FCGI
Stream name: 0.78
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-40907
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
追加情報:
N/A
ダウンロード:
SRPMS
- perl-FCGI-0.78-12.module+el8+1885+d7384147.src.rpm
MD5: 7bef3a3dd7d68c8e0e5f6870385e260d
SHA-256: b71bf57b7c568c4a86c5fff6ce836958378c7f88a06be4607c4fd42019cbbb3c
Size: 106.33 kB
Asianux Server 8 for x86_64
- perl-FCGI-0.78-12.module+el8+1885+d7384147.x86_64.rpm
MD5: d14dcaecfc260567fe65de7672823083
SHA-256: 89db93c533a4919f217923a1755b7b7392748d242c5f16880ede6bdc0068869a
Size: 48.29 kB - perl-FCGI-debugsource-0.78-12.module+el8+1885+d7384147.x86_64.rpm
MD5: 4dc42783f5e5a9496f1710f8f004fd8b
SHA-256: 927d94e09a6bc7e7146ad186b857e607a3ded351818a3cd56c48e6e093880019
Size: 43.54 kB