Re: lighttpd :: Security alert
On Wed, 16 Jul 2008 23:35:02 +0200
jacques <jacques@xxxxxxxxxxxxxx> wrote:
> Hi there,
> lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
> properly calculate the size of a file descriptor array, which allows
> remote attackers to cause a denial of service (crash) via a large
> number of connections, which triggers an out-of-bounds access.
> Is slitaz affected ?
Yes, in part. Since we don't have support for ldap and ssl with Lighty,
SliTaz is only affected by the fastcgi module.
Fixed in the Stable repository with an update to lighttpd-1.4.19:
Fixed in Cooking version, no upgrade to 1.5-svn (lighttpd-1.4.19-1),
just patched: http://hg.slitaz.org/wok/rev/ca4331756d20
Please upgrade to the last version of LightTPD:
# tazpkg recharge
# tazpkg upgrade
Thanks, Jacques, for your reactivity,
SliTaz GNU/Linux Mailing list.
Web site : http://www.slitaz.org/