apache2-mod_fcgid-2.3.9-7.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10564 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z apache2-mod_fcgid-2.3.9-7.3 on GA media These are all security issues fixed in the apache2-mod_fcgid-2.3.9-7.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10564 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10564 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-3872/ SUSE CVE CVE-2010-3872 page https://www.suse.com/security/cve/CVE-2013-4365/ SUSE CVE CVE-2013-4365 page https://www.suse.com/security/cve/CVE-2016-1000104/ SUSE CVE CVE-2016-1000104 page openSUSE Tumbleweed apache2-mod_fcgid-2.3.9-7.3 apache2-mod_fcgid-2.3.9-7.3 as a component of openSUSE Tumbleweed A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash. CVE-2010-3872 openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3872.html CVE-2010-3872 https://bugzilla.suse.com/656092 SUSE Bug 656092 Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. CVE-2013-4365 openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4365.html CVE-2013-4365 https://bugzilla.suse.com/844935 SUSE Bug 844935 A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. CVE-2016-1000104 openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1000104.html CVE-2016-1000104 https://bugzilla.suse.com/988486 SUSE Bug 988486 https://bugzilla.suse.com/988487 SUSE Bug 988487 https://bugzilla.suse.com/988488 SUSE Bug 988488 https://bugzilla.suse.com/988489 SUSE Bug 988489 https://bugzilla.suse.com/988491 SUSE Bug 988491 https://bugzilla.suse.com/988492 SUSE Bug 988492 https://bugzilla.suse.com/989174 SUSE Bug 989174