ALAS-2011-005


Amazon Linux AMI Security Advisory: ALAS-2011-5
Advisory Release Date: 2014-09-14 14:25 Pacific
Severity: Medium
References: CVE-2011-2766 

Issue Overview:

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.


Affected Packages:

perl-FCGI


Issue Correction:
Run yum update perl-FCGI to update your system.

New Packages:
i686:
    perl-FCGI-debuginfo-0.74-1.0.amzn1.i686
    perl-FCGI-0.74-1.0.amzn1.i686

src:
    perl-FCGI-0.74-1.0.amzn1.src

x86_64:
    perl-FCGI-debuginfo-0.74-1.0.amzn1.x86_64
    perl-FCGI-0.74-1.0.amzn1.x86_64