Mandriva Linux Security Advisory 2012-001 - The FCGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. The updated packages have been patched to correct this issue.
8d2423bc16115f636ca68a4804864ce61b2388e41adacf7b62eff39a085a9e89
Debian Linux Security Advisory 2327-1 - Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse.
db9444e23843ed2215138be06267ed7a6f1fc2b748d7e7c337b65e76da520d66