perl-FCGI:0.78 security update
エラータID: AXSA:2025-10018:01
リリース日:
2025/06/16 Monday - 20:39
題名:
perl-FCGI:0.78 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- perl-FCGI には、整数オーバーフローの問題があるため、リモートの
攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-40907)
Modularity name: perl-FCGI
Stream name: 0.78
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-40907
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
追加情報:
N/A
ダウンロード:
SRPMS
- perl-FCGI-0.78-12.module+el8+1885+5bf0295f.src.rpm
MD5: 46b8ece8eaaf3ca30755d6c9b990428b
SHA-256: 69cd7c202b0978aa36741ff1d03ce9bbdad98527c203fcaf0c71e86b6fab7e60
Size: 106.33 kB
Asianux Server 8 for x86_64
- perl-FCGI-0.78-12.module+el8+1885+5bf0295f.x86_64.rpm
MD5: c35ffc19d717a98d2074093ea5a01a9f
SHA-256: f9dcac4b6cb92a5449d7c2e5bcf99b2778c58d16db07fa07d6f3e306678c3a97
Size: 48.22 kB - perl-FCGI-debugsource-0.78-12.module+el8+1885+5bf0295f.x86_64.rpm
MD5: a67036facc4445bc23feaec89b88a918
SHA-256: df836f3431609b765b83b1fc25790279b963cfa93065ceead1ce3529ff7728a9
Size: 43.54 kB
English