openSUSE has issued an advisory on August 19: https://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html This is another "httpoxy"-related issue.
Whiteboard: (none) => MGA5TOO
Fixed in cauldron
Whiteboard: MGA5TOO => (none)Version: Cauldron => 5CVE: (none) => CVE-2016-1000104CC: (none) => mageia
Patched package uploaded for Mageia 5. Advisory: ======================== Updated apache-mod_fcgid package fixes security vulnerability: A remote attacker could have set the HTTP_PROXY environment variable of CGI scripts (CVE-2016-1000104). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000104 https://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html ======================== Updated packages in core/updates_testing: ======================== apache-mod_fcgid-2.3.9-4.1.mga5 from apache-mod_fcgid-2.3.9-4.1.mga5.src.rpm
Assignee: shlomif => qa-bugs
As with prior updates for this package, just confirming the module loads. After installing the update ... [root@i5v ~]# systemctl restart httpd.service [root@i5v ~]# httpd -M | grep fcgid fcgid_module (shared) Same result on Mageia 5 x86_64.
Whiteboard: (none) => advisory MGA5-64-OK MGA5-32-OKKeywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0203.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED