A stack-smashing bug for fcgi was reported to Ubuntu and subsequently patched in both Ubuntu and Debian. According to the bug report, if more than 1024 connections are received, a segfault can occur. A patch is provided with the bug reports: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417 and the report at debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591
fcgi-2.4.0-26.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/fcgi-2.4.0-26.fc21
fcgi-2.4.0-26.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/fcgi-2.4.0-26.fc20
fcgi-2.4.0-12.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/fcgi-2.4.0-12.el6
fcgi-2.4.0-13.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/fcgi-2.4.0-13.el5
fcgi-2.4.0-25.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/fcgi-2.4.0-25.el7
Package fcgi-2.4.0-25.el7: * should fix your issue, * was pushed to the Fedora EPEL 7 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing fcgi-2.4.0-25.el7' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0650/fcgi-2.4.0-25.el7 then log in and leave karma (feedback).
I have a PoC that reproduces the segfault on CentOS 7 and I have confirmed that after upgrading to fcgi-2.4.0-25.el7, the segfault stops. Not sure if it's the best idea to post the PoC here, so please contact me directly and I will be happy to provide details.
(In reply to joe from comment #7) > I have a PoC that reproduces the segfault on CentOS 7 and I have confirmed > that after upgrading to fcgi-2.4.0-25.el7, the segfault stops. > > Not sure if it's the best idea to post the PoC here, so please contact me > directly and I will be happy to provide details. Please cc me if Till needs it, or send me directly.
fcgi-2.4.0-25.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
fcgi-2.4.0-12.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
fcgi-2.4.0-13.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
fcgi-2.4.0-26.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
fcgi-2.4.0-26.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.