FastCGI-2.4.0-171.10 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10387 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z FastCGI-2.4.0-171.10 on GA media These are all security issues fixed in the FastCGI-2.4.0-171.10 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10387 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10387 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-2766/ SUSE CVE CVE-2011-2766 page openSUSE Tumbleweed FastCGI-2.4.0-171.10 FastCGI-devel-2.4.0-171.10 libfcgi0-2.4.0-171.10 perl-CGI-4.35-1.1 perl-FastCGI-2.4.0-171.10 FastCGI-2.4.0-171.10 as a component of openSUSE Tumbleweed FastCGI-devel-2.4.0-171.10 as a component of openSUSE Tumbleweed libfcgi0-2.4.0-171.10 as a component of openSUSE Tumbleweed perl-CGI-4.35-1.1 as a component of openSUSE Tumbleweed perl-FastCGI-2.4.0-171.10 as a component of openSUSE Tumbleweed The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. CVE-2011-2766 openSUSE Tumbleweed:FastCGI-2.4.0-171.10 openSUSE Tumbleweed:FastCGI-devel-2.4.0-171.10 openSUSE Tumbleweed:libfcgi0-2.4.0-171.10 openSUSE Tumbleweed:perl-CGI-4.35-1.1 openSUSE Tumbleweed:perl-FastCGI-2.4.0-171.10 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2766.html CVE-2011-2766 https://bugzilla.suse.com/735882 SUSE Bug 735882