1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2778-1] libapache2-mod-fcgid security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Oct 12 00:40:02 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2778-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 12, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libapache2-mod-fcgid
    Vulnerability : heap-based buffer overflow
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-4365

    Robert Matthews discovered that the Apache FCGID module, a FastCGI implementation for Apache HTTP Server, fails to perform adequate
    boundary checks on user-supplied input. This may allow a remote attacker
    to cause a heap-based buffer overflow, resulting in a denial of service
    or potentially allowing the execution of arbitrary code.

    For the oldstable distribution (squeeze), this problem has been fixed in version 1:2.3.6-1+squeeze2.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1:2.3.6-1.2+deb7u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1:2.3.9-1.

    We recommend that you upgrade your libapache2-mod-fcgid packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.15 (GNU/Linux)

    iQIcBAEBCgAGBQJSWHsQAAoJEAVMuPMTQ89ErSUQAJYBriFZIkIOLf1MqWCBrYdO sg3pLRurqikUwKb+57SSpkAPt8UYWLujUunrb8ONW1K7bOIg4MzW1oJIPYZx95JG eMSLCd4o3BjyF4rXyqw3y8LM+d19DXB1Blhq8BHsl1SA9PHyqDwq7TXX24Oxpfbe TI9OEn/qDekvP2XJJ0kT3y6Ny8I44117d+yaMlDWc0Y56DE2rkHM0Px6wa/IPJ10 6NxuXKbNFzg9L+Pmifuji79N5325JITQmaoqfQeFxcgoVyqwzfW/kzWmRpcQDeqW 4M+Z8XuuEoyCt7qK/qf1i2tbO6nclGCZmMWfz9NyGpsbgHUiW8tlm/KcZZKqKWFb 2QJ2oVXNbEZwDP5ah4iywjeNitu/Ccr+dLVRAr+5QrswW3FUX/zH+mW5pPUNcOWA tt+fnryd0EynVnH25jE5qS5j57iZ8KT+w/cAGUcQWrbrokDjQ5choBcG47XkAhL5 omHJ7pzA9Jol3Dx6gpu+eRJmKTqRBCEclVb3186vCv8gb0hxFmJobWkxCQXxEVN7 GCnD65UHBkJg2j7rDmC/z/1bewMqQYEszqSAY8d2O0gddB881g1ADcThRx7Lk5Er 4i8E413umowNT0oMvqKxhnXVTYVIbqXt94ARCEvHH1P/H8ioRwqz5nRX+87LrlWD 2MJ1Sch8sDPeOeFTwLdM
    =FYJO
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)