perl-FCGI:0.78 security update
エラータID: AXSA:2025-10019:01
リリース日:
2025/06/16 Monday - 20:43
題名:
perl-FCGI:0.78 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- perl-FCGI には、整数オーバーフローの問題があるため、リモートの
攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-40907)
Modularity name: perl-FCGI
Stream name: 0.78
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-40907
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
追加情報:
N/A
ダウンロード:
SRPMS
- perl-FCGI-0.78-12.module+el8+1885+5e4e79a6.src.rpm
MD5: e69a8b38bd9d817fe979fc3eac88e1c4
SHA-256: e608ae3f8f87851c7839615168ca63186cbfeed917ac8c2a4d5619fbc4bc2854
Size: 106.33 kB
Asianux Server 8 for x86_64
- perl-FCGI-0.78-12.module+el8+1885+5e4e79a6.x86_64.rpm
MD5: aa4952be1a58f6715a3b069b62f4904b
SHA-256: 61661903a84327f2172730ec1c833691b23b985566455324290aa590bd626376
Size: 48.28 kB - perl-FCGI-debugsource-0.78-12.module+el8+1885+5e4e79a6.x86_64.rpm
MD5: d24e83f7ea52597a4e15c1e6a9b66d57
SHA-256: 599a3d992979aebfe92f25bc6906590326189b8f0514f2e2f83f810cf04e029a
Size: 43.54 kB
English