Re: lighttpd :: Security alert



On Wed, 16 Jul 2008 23:35:02 +0200
jacques <jacques@xxxxxxxxxxxxxx> wrote:

> Hi there,

Hi,

> lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
> properly calculate the size of a file descriptor array, which allows
> remote attackers to cause a denial of service (crash) via a large
> number of connections, which triggers an out-of-bounds access.
> 
>   %%%%
> 
> Is slitaz affected ?

Yes, in part. Since we don't have support for ldap and ssl with Lighty,
SliTaz is only affected by the fastcgi module.

Fixed in the Stable repository with an update to lighttpd-1.4.19:
http://hg.slitaz.org/wok-stable/rev/243ea9410069

Fixed in Cooking version, no upgrade to 1.5-svn (lighttpd-1.4.19-1),
just patched: http://hg.slitaz.org/wok/rev/ca4331756d20

Please upgrade to the last version of LightTPD:

# tazpkg recharge
# tazpkg upgrade

> Regards,
>               Jacques

Thanks Jacques for your reactivity,
- Christophe

---
SliTaz GNU/Linux Mailing list.
Web site : http://www.slitaz.org/

