perl-FCGI:0.78 security update
エラータID: AXSA:2025-10020:01
リリース日:
2025/06/16 Monday - 20:53
題名:
perl-FCGI:0.78 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- perl-FCGI には、整数オーバーフローの問題があるため、リモートの
攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-40907)
Modularity name: perl-FCGI
Stream name: 0.78
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-40907
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
追加情報:
N/A
ダウンロード:
SRPMS
- perl-FCGI-0.78-12.module+el8+1885+a05b2fd0.src.rpm
MD5: 7825719278c2561dd4977b34f4a68736
SHA-256: bad1e73526c4c7fdfef992d095a3d6dcc8d89d9abed50a239fc691e9935e4bc2
Size: 106.33 kB
Asianux Server 8 for x86_64
- perl-FCGI-0.78-12.module+el8+1885+a05b2fd0.x86_64.rpm
MD5: 9202520a5afc60479609e38478b0cdd7
SHA-256: 3982dfbd12ed7abea48e1b758bfff4ecd9079c6c330cdae27c5a76c1643350e4
Size: 48.19 kB - perl-FCGI-debugsource-0.78-12.module+el8+1885+a05b2fd0.x86_64.rpm
MD5: c34474ca14d486a4cb64b5cfd8324afb
SHA-256: 92987143c98871566cb0eb4baccdb480fd124edd8b4325ce13f7bd207934e1e3
Size: 43.54 kB
English