ALAS-2011-005

Amazon Linux 1 Security Advisory: ALAS-2011-5
Advisory Release Date: 2011-10-10 23:48 Pacific
Advisory Updated Date: 2014-09-14 14:25 Pacific

Severity: Medium

References: CVE-2011-2766
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

Affected Packages:

perl-FCGI

Issue Correction:
Run yum update perl-FCGI to update your system.

New Packages:

i686:
    perl-FCGI-debuginfo-0.74-1.0.amzn1.i686
    perl-FCGI-0.74-1.0.amzn1.i686

src:
    perl-FCGI-0.74-1.0.amzn1.src

x86_64:
    perl-FCGI-debuginfo-0.74-1.0.amzn1.x86_64
    perl-FCGI-0.74-1.0.amzn1.x86_64

Additional References

Red Hat: CVE-2011-2766

Mitre: CVE-2011-2766