Red Hat Product Errata RHSA-2025:8678 - Security Advisory
Issued:
2025-06-09
Updated:
2025-06-09

RHSA-2025:8678 - Security Advisory

Synopsis

Important: perl-FCGI security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for perl-FCGI is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FastCGI Perl bindings.

Security Fix(es):

  • perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library (CVE-2025-40907)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2366847 - CVE-2025-40907 perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
perl-FCGI-0.79-8.el9_0.1.src.rpm SHA-256: 035becc3cb13dd109220624837fc771e010f1e29c42402d139aa31d1906cc593
ppc64le
perl-FCGI-0.79-8.el9_0.1.ppc64le.rpm SHA-256: 766341b8c3b25fd25e8d48357a6c0fa50d2b1e3294e6921a95fdd977f7995b1b
perl-FCGI-debuginfo-0.79-8.el9_0.1.ppc64le.rpm SHA-256: e0578c831aa16eed81b0c6cc41a8643357c5c57d86b63ddc4d93aaea9fb852a2
perl-FCGI-debugsource-0.79-8.el9_0.1.ppc64le.rpm SHA-256: 82924efb832fcedafc270e65d4800a63d7d8a9710a95b7e7192e31fbfd84722d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
perl-FCGI-0.79-8.el9_0.1.src.rpm SHA-256: 035becc3cb13dd109220624837fc771e010f1e29c42402d139aa31d1906cc593
x86_64
perl-FCGI-0.79-8.el9_0.1.x86_64.rpm SHA-256: 9a0d75e511045baf7aba72e85524735110c17c1c42c7f0e7ad0cd2279262deb2
perl-FCGI-debuginfo-0.79-8.el9_0.1.x86_64.rpm SHA-256: 82090ccf9acea9e0dde7877aff015902a3d356808fbc4a8dda7c21eec9c59d3c
perl-FCGI-debugsource-0.79-8.el9_0.1.x86_64.rpm SHA-256: 3599475e3d27034a8afd6c22b060c640438026cbbcad81332c3260177a0e15a4

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
perl-FCGI-0.79-8.el9_0.1.src.rpm SHA-256: 035becc3cb13dd109220624837fc771e010f1e29c42402d139aa31d1906cc593
aarch64
perl-FCGI-0.79-8.el9_0.1.aarch64.rpm SHA-256: e8c49de0c63263a156ac7f0dfe706f02f9442e769688550b323f070446c15788
perl-FCGI-debuginfo-0.79-8.el9_0.1.aarch64.rpm SHA-256: 7ab020e54d6d2ae1f284aaca3a04ced1626c70ef8b95b041063e3c619d7a2f39
perl-FCGI-debugsource-0.79-8.el9_0.1.aarch64.rpm SHA-256: d07873699f64628c5fd409892929f4cdba6b08cbaddd0793a30a44fe3d0c2264

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
perl-FCGI-0.79-8.el9_0.1.src.rpm SHA-256: 035becc3cb13dd109220624837fc771e010f1e29c42402d139aa31d1906cc593
s390x
perl-FCGI-0.79-8.el9_0.1.s390x.rpm SHA-256: 07b90be456bd30e941cc4ed2fca9e7bf075af67d3d613b3a83a86b160d9ef598
perl-FCGI-debuginfo-0.79-8.el9_0.1.s390x.rpm SHA-256: cee8300acb2c12d4f648014fb7a56e9d8c5432fe1f0783cf519811efeee0ceb1
perl-FCGI-debugsource-0.79-8.el9_0.1.s390x.rpm SHA-256: d1e050ebdb5dba9ee90e2e4994872e71163dfd453068155dd63ab15c242eb0be

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.