https://bugzilla.redhat.com/show_bug.cgi?id=2366914
Bug ID: 2366914
Summary: CVE-2025-40907 perl-FCGI: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library [fedora-all]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["c47d03f8-82b8-430e-95a9-3719867d60bc"]}
Component: perl-FCGI
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: emmanuel@seyman.fr
Reporter: rgatica@redhat.com
QA Contact: extras-qa@fedoraproject.org
CC: emmanuel@seyman.fr, iarnell@gmail.com, mspacek@redhat.com, perl-devel@lists.fedoraproject.org
Blocks: 2366847 (CVE-2025-40907)
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2366847
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2366847 [Bug 2366847] CVE-2025-40907 perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library
Petr Pisar ppisar@redhat.com changed:
What             |Removed                |Added
----------------------------------------------------------------------------
CC               |                       |ppisar@redhat.com
Fixed In Version |                       |perl-FCGI-0.82-14.fc43
Assignee         |emmanuel@seyman.fr     |ppisar@redhat.com
Status           |NEW                    |MODIFIED
--- Comment #1 from Petr Pisar ppisar@redhat.com ---
No response from upstream. I will apply a fix from fcgi2 upstream which is bundled by FCGI upstream and another related fix I did not get any response to.
--- Comment #2 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2025-0692dfc833 (perl-FCGI-0.82-14.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-0692dfc833
--- Comment #3 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2025-2a4df5f325 (perl-FCGI-0.82-13.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-2a4df5f325
Fedora Update System updates@fedoraproject.org changed:
What             |Removed                |Added
----------------------------------------------------------------------------
Status           |MODIFIED               |ON_QA
--- Comment #4 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2025-0692dfc833 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-0692dfc833`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-0692dfc833
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
--- Comment #5 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2025-2a4df5f325 has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-2a4df5f325`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-2a4df5f325
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Fedora Update System updates@fedoraproject.org changed:
What             |Removed                |Added
----------------------------------------------------------------------------
Status           |ON_QA                  |CLOSED
Fixed In Version |perl-FCGI-0.82-14.fc43 |perl-FCGI-0.82-14.fc43
                 |                       |perl-FCGI-0.82-14.fc42
Resolution       |---                    |ERRATA
Last Closed      |                       |2025-06-06 01:43:51
--- Comment #6 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2025-0692dfc833 (perl-FCGI-0.82-14.fc42) has been pushed to the Fedora 42 stable repository.
If the problem still persists, please make note of it in this bug report.
Fedora Update System updates@fedoraproject.org changed:
What             |Removed                |Added
----------------------------------------------------------------------------
Fixed In Version |perl-FCGI-0.82-14.fc43 |perl-FCGI-0.82-14.fc43
                 |perl-FCGI-0.82-14.fc42 |perl-FCGI-0.82-14.fc42
                 |                       |perl-FCGI-0.82-13.fc41
--- Comment #7 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2025-2a4df5f325 (perl-FCGI-0.82-13.fc41) has been pushed to the Fedora 41 stable repository.
If the problem still persists, please make note of it in this bug report.