Red Hat Product Errata RHSA-2025:8636 - Security Advisory
Issued:
2025-06-09
Updated:
2025-06-09

RHSA-2025:8636 - Security Advisory

Synopsis

Important: perl-FCGI security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for perl-FCGI is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FastCGI Perl bindings.

Security Fix(es):

  • perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library (CVE-2025-40907)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2366847 - CVE-2025-40907 perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

Red Hat Enterprise Linux for x86_64 10

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
x86_64
perl-FCGI-0.82-13.1.el10_0.x86_64.rpm SHA-256: 1e9177facd6a65a068fab948d24500eea3de888f20d5deb4e0c5b0c9eb5851cd
perl-FCGI-debuginfo-0.82-13.1.el10_0.x86_64.rpm SHA-256: c1efb840c45cf08304b3578fa1ce4f3fa7f8771cf26a38ea2ae1122a36d6bae9
perl-FCGI-debugsource-0.82-13.1.el10_0.x86_64.rpm SHA-256: 45bfd60630afe67bb29432e2793f8501692dc173854bdfb5f06db3b800a934c7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
x86_64
perl-FCGI-0.82-13.1.el10_0.x86_64.rpm SHA-256: 1e9177facd6a65a068fab948d24500eea3de888f20d5deb4e0c5b0c9eb5851cd
perl-FCGI-debuginfo-0.82-13.1.el10_0.x86_64.rpm SHA-256: c1efb840c45cf08304b3578fa1ce4f3fa7f8771cf26a38ea2ae1122a36d6bae9
perl-FCGI-debugsource-0.82-13.1.el10_0.x86_64.rpm SHA-256: 45bfd60630afe67bb29432e2793f8501692dc173854bdfb5f06db3b800a934c7

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
s390x
perl-FCGI-0.82-13.1.el10_0.s390x.rpm SHA-256: b4231f36f6a3d5b3d97436e6946053c1f488f8567575ae03af1edbe995c9223c
perl-FCGI-debuginfo-0.82-13.1.el10_0.s390x.rpm SHA-256: ad217f7b0a8413b1a5e64f8ac289490e526a05aca3d857316f68892128badfa8
perl-FCGI-debugsource-0.82-13.1.el10_0.s390x.rpm SHA-256: 329231db9614af4888fea77685b7d64fec221a8cba803f187fdc91ec2634d06c

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
s390x
perl-FCGI-0.82-13.1.el10_0.s390x.rpm SHA-256: b4231f36f6a3d5b3d97436e6946053c1f488f8567575ae03af1edbe995c9223c
perl-FCGI-debuginfo-0.82-13.1.el10_0.s390x.rpm SHA-256: ad217f7b0a8413b1a5e64f8ac289490e526a05aca3d857316f68892128badfa8
perl-FCGI-debugsource-0.82-13.1.el10_0.s390x.rpm SHA-256: 329231db9614af4888fea77685b7d64fec221a8cba803f187fdc91ec2634d06c

Red Hat Enterprise Linux for Power, little endian 10

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
ppc64le
perl-FCGI-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 235579032eadea11ae7d70c66ad50ebff4d3f38c4bc2ce0ae1406f25d435b120
perl-FCGI-debuginfo-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 5c8c90950a5c87514751a39e4f61089907676c5876f34feb85ce02ee15a107ad
perl-FCGI-debugsource-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 66700de376703b4515efb7d6f5f0f39e44e225a037eeb569300c719529085514

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
ppc64le
perl-FCGI-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 235579032eadea11ae7d70c66ad50ebff4d3f38c4bc2ce0ae1406f25d435b120
perl-FCGI-debuginfo-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 5c8c90950a5c87514751a39e4f61089907676c5876f34feb85ce02ee15a107ad
perl-FCGI-debugsource-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 66700de376703b4515efb7d6f5f0f39e44e225a037eeb569300c719529085514

Red Hat Enterprise Linux for ARM 64 10

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
aarch64
perl-FCGI-0.82-13.1.el10_0.aarch64.rpm SHA-256: 7f6c07b29ebf6bed771d266551610cb38c190c2d51150e01c8f5aa497f2e5d3f
perl-FCGI-debuginfo-0.82-13.1.el10_0.aarch64.rpm SHA-256: 11382a73c45cb17ba239e6e27da9fc946c6803682c30b61290d1e3bd5ffa444c
perl-FCGI-debugsource-0.82-13.1.el10_0.aarch64.rpm SHA-256: 74b12f2943fb587440d8168adc0978f501933c8369a5622b459cc118e0e96ab8

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
aarch64
perl-FCGI-0.82-13.1.el10_0.aarch64.rpm SHA-256: 7f6c07b29ebf6bed771d266551610cb38c190c2d51150e01c8f5aa497f2e5d3f
perl-FCGI-debuginfo-0.82-13.1.el10_0.aarch64.rpm SHA-256: 11382a73c45cb17ba239e6e27da9fc946c6803682c30b61290d1e3bd5ffa444c
perl-FCGI-debugsource-0.82-13.1.el10_0.aarch64.rpm SHA-256: 74b12f2943fb587440d8168adc0978f501933c8369a5622b459cc118e0e96ab8

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
aarch64
perl-FCGI-0.82-13.1.el10_0.aarch64.rpm SHA-256: 7f6c07b29ebf6bed771d266551610cb38c190c2d51150e01c8f5aa497f2e5d3f
perl-FCGI-debuginfo-0.82-13.1.el10_0.aarch64.rpm SHA-256: 11382a73c45cb17ba239e6e27da9fc946c6803682c30b61290d1e3bd5ffa444c
perl-FCGI-debugsource-0.82-13.1.el10_0.aarch64.rpm SHA-256: 74b12f2943fb587440d8168adc0978f501933c8369a5622b459cc118e0e96ab8

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
s390x
perl-FCGI-0.82-13.1.el10_0.s390x.rpm SHA-256: b4231f36f6a3d5b3d97436e6946053c1f488f8567575ae03af1edbe995c9223c
perl-FCGI-debuginfo-0.82-13.1.el10_0.s390x.rpm SHA-256: ad217f7b0a8413b1a5e64f8ac289490e526a05aca3d857316f68892128badfa8
perl-FCGI-debugsource-0.82-13.1.el10_0.s390x.rpm SHA-256: 329231db9614af4888fea77685b7d64fec221a8cba803f187fdc91ec2634d06c

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
ppc64le
perl-FCGI-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 235579032eadea11ae7d70c66ad50ebff4d3f38c4bc2ce0ae1406f25d435b120
perl-FCGI-debuginfo-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 5c8c90950a5c87514751a39e4f61089907676c5876f34feb85ce02ee15a107ad
perl-FCGI-debugsource-0.82-13.1.el10_0.ppc64le.rpm SHA-256: 66700de376703b4515efb7d6f5f0f39e44e225a037eeb569300c719529085514

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
perl-FCGI-0.82-13.1.el10_0.src.rpm SHA-256: 93984dfd0c1ca266cf236f0477b305883124335729db38d58ab88436b0c74ef4
x86_64
perl-FCGI-0.82-13.1.el10_0.x86_64.rpm SHA-256: 1e9177facd6a65a068fab948d24500eea3de888f20d5deb4e0c5b0c9eb5851cd
perl-FCGI-debuginfo-0.82-13.1.el10_0.x86_64.rpm SHA-256: c1efb840c45cf08304b3578fa1ce4f3fa7f8771cf26a38ea2ae1122a36d6bae9
perl-FCGI-debugsource-0.82-13.1.el10_0.x86_64.rpm SHA-256: 45bfd60630afe67bb29432e2793f8501692dc173854bdfb5f06db3b800a934c7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.