libfcgi:add security patch for CVE-2012-6687 (2311d54e) · Commits · Arm Reference Solutions / buildroot

Commit 2311d54e authored Mar 01, 2016 by niranjan.reddy Committed by Peter Korsgaard Mar 01, 2016

libfcgi:add security patch for CVE-2012-6687

Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash)
via a large number of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link:
(https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3

)
The next release of libfcgi is 2.4.1 which may have this fix is yet to be released
officially.

Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 18f3a22d

Hide whitespace changes

Inline Side-by-side

Please register or to comment