[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 2778-1] libapache2-mod-fcgid security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2778-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
October 12, 2013                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libapache2-mod-fcgid
Vulnerability  : heap-based buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4365

Robert Matthews discovered that the Apache FCGID module, a FastCGI
implementation for Apache HTTP Server, fails to perform adequate
boundary checks on user-supplied input. This may allow a remote attacker
to cause a heap-based buffer overflow, resulting in a denial of service
or potentially allowing the execution of arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:2.3.6-1+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 1:2.3.6-1.2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.3.9-1.

We recommend that you upgrade your libapache2-mod-fcgid packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSWHsQAAoJEAVMuPMTQ89ErSUQAJYBriFZIkIOLf1MqWCBrYdO
sg3pLRurqikUwKb+57SSpkAPt8UYWLujUunrb8ONW1K7bOIg4MzW1oJIPYZx95JG
eMSLCd4o3BjyF4rXyqw3y8LM+d19DXB1Blhq8BHsl1SA9PHyqDwq7TXX24Oxpfbe
TI9OEn/qDekvP2XJJ0kT3y6Ny8I44117d+yaMlDWc0Y56DE2rkHM0Px6wa/IPJ10
6NxuXKbNFzg9L+Pmifuji79N5325JITQmaoqfQeFxcgoVyqwzfW/kzWmRpcQDeqW
4M+Z8XuuEoyCt7qK/qf1i2tbO6nclGCZmMWfz9NyGpsbgHUiW8tlm/KcZZKqKWFb
2QJ2oVXNbEZwDP5ah4iywjeNitu/Ccr+dLVRAr+5QrswW3FUX/zH+mW5pPUNcOWA
tt+fnryd0EynVnH25jE5qS5j57iZ8KT+w/cAGUcQWrbrokDjQ5choBcG47XkAhL5
omHJ7pzA9Jol3Dx6gpu+eRJmKTqRBCEclVb3186vCv8gb0hxFmJobWkxCQXxEVN7
GCnD65UHBkJg2j7rDmC/z/1bewMqQYEszqSAY8d2O0gddB881g1ADcThRx7Lk5Er
4i8E413umowNT0oMvqKxhnXVTYVIbqXt94ARCEvHH1P/H8ioRwqz5nRX+87LrlWD
2MJ1Sch8sDPeOeFTwLdM
=FYJO
-----END PGP SIGNATURE-----


Reply to: