An update candidate is in updates_testing Advisory: ======================== Updated apache-mod_fcgid package fixes security vulnerability: fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit (CVE-2012-1181). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1181 https://issues.apache.org/bugzilla/show_bug.cgi?id=49902 ======================== Updated packages in core/updates_testing: ======================== apache-mod_fcgid-2.3.6-0.2.mga1 from apache-mod_fcgid-2.3.6-0.2.mga1.src.rpm
Some examples here - http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
Testing complete on i586 for the srpm apache-mod_fcgid-2.3.6-0.2.mga1.src.rpm Just testing using https://localhost/phpinfo, which works and shows the module is loaded.
CC: (none) => davidwhodgins
testing complete on x86_64 Suggested Advisory: ------------- Updated apache-mod_fcgid package fixes security vulnerability: fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit (CVE-2012-1181). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1181 https://issues.apache.org/bugzilla/show_bug.cgi?id=49902 https://bugs.mageia.org/show_bug.cgi?id=5062#c2 ------------- SRPM: apache-mod_fcgid-2.3.6-0.2.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thankyou!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED