Summary: | <dev-libs/fcgi-2.4.1_pre0910052249-r2: numerous connections cause segfault DoS (CVE-2012-6687) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | rafaelmartins |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://seclists.org/oss-sec/2015/q1/440 | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |

Description
Kristian Fiskerstrand (RETIRED)
2015-02-06 22:35:29 UTC
working on it

The patch provided does not apply cleanly to our version of fcgi (it is a snapshot). I ported it and revbumped to =dev-libs/fcgi-2.4.1_pre0910052249-r2.

(In reply to Rafael Martins from comment #2)
> The patch provided does not apply cleanly to our version of fcgi (it is a
> snapshot). I ported it and revbumped to
> =dev-libs/fcgi-2.4.1_pre0910052249-r2.

Thanks. Is it ready for stabilization?

(In reply to Kristian Fiskerstrand from comment #3)
> (In reply to Rafael Martins from comment #2)
> > The patch provided does not apply cleanly to our version of fcgi (it is a
> > snapshot). I ported it and revbumped to
> > =dev-libs/fcgi-2.4.1_pre0910052249-r2.
>
> Thanks. Is it ready for stabilization?

I think so

Arches, please stabilize:
=dev-libs/fcgi-2.4.1_pre0910052249-r2
Stable arches: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

amd64 stable

Stable for HPPA.

x86 stable

sparc stable

arm stable

ppc64 stable

ppc stable

ia64 stable

alpha stable.
Maintainer(s), please cleanup.
Security, please vote.

Arches, Thank you for your work.
First Vote: No
Maintainer(s), please drop the vulnerable version(s).

vulnerable ebuild removed. thanks

Arches and Maintainer(s), Thank you for your work.
GLSA vote: no.
Closing as [noglsa]

CVE-2012-6687 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6687): FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections.