| Summary: | apache-mod_fcgid new security issue CVE-2016-1000104 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, mageia, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | apache-mod_fcgid-2.3.9-5.mga6.src.rpm | CVE: | CVE-2016-1000104 |
| Status comment: | |||
|
Description
David Walser
2016-08-22 23:45:40 CEST
David Walser
2016-08-22 23:45:45 CEST
Whiteboard:
(none) =>
MGA5TOO Fixed in cauldron Whiteboard:
MGA5TOO =>
(none) Patched package uploaded for Mageia 5. Advisory: ======================== Updated apache-mod_fcgid package fixes security vulnerability: A remote attacker could have set the HTTP_PROXY environment variable of CGI scripts (CVE-2016-1000104). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000104 https://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html ======================== Updated packages in core/updates_testing: ======================== apache-mod_fcgid-2.3.9-4.1.mga5 from apache-mod_fcgid-2.3.9-4.1.mga5.src.rpm Assignee:
shlomif =>
qa-bugs As with prior updates for this package, just confirming the module loads. After installing the update ... [root@i5v ~]# systemctl restart httpd.service [root@i5v ~]# httpd -M | grep fcgid fcgid_module (shared) Same result on Mageia 5 x86_64. Whiteboard:
(none) =>
advisory MGA5-64-OK MGA5-32-OK An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0203.html Resolution:
(none) =>
FIXED |