Re: lighttpd :: Security alert

On Wed, 16 Jul 2008 23:35:02 +0200
jacques <jacques@xxxxxxxxxxxxxx> wrote:

> Hi there,


> lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
> properly calculate the size of a file descriptor array, which allows
> remote attackers to cause a denial of service (crash) via a large
> number of connections, which triggers an out-of-bounds access.
> Is slitaz affected ?

Yes, in part. Since we don't have support for ldap and ssl with Lighty,
SliTaz is only affected by the fastcgi module.

Fixed in the Stable repository with an update to lighttpd-1.4.19:

Fixed in Cooking version, no upgrade to 1.5-svn (lighttpd-1.4.19-1),
just patched:

Please upgrade to the last version of LightTPD:

# tazpkg recharge
# tazpkg upgrade

> Regards,
>               Jacques

Thanks Jacques for your reactivity,
- Christophe

SliTaz GNU/Linux Mailing list.