Mageia Bugzilla – Bug 11449
apache-mod_fcgid new security issue CVE-2013-4365
Last modified: 2013-10-17 22:07:34 CEST
Debian has issued an advisory tomorrow (October 12):
The issue was fixed upstream in 2.3.9.
Updated packages uploaded for Mageia 3 and Cauldron.
Patched package uploaded for Mageia 2.
Updated apache-mod_fcgid package fixes security vulnerability:
Apache mod_fcgid before version 2.3.9 fails to perform adequate boundary checks
on user-supplied input. This may allow a remote attacker to cause a heap-based
buffer overflow, resulting in a denial of service or potentially allowing the
execution of arbitrary code (CVE-2013-4365).
Updated packages in core/updates_testing:
Testing complete mga3 32 & 64
Just checking the module loads ok
# httpd -M | grep fcgid
Testing complete mga2 32 & 64
Validating. Advisory uploaded.
Could sysadmin please push from 2 & 3 core/updates_testing to updates?