Debian Security Advisory 2795-1
Posted Nov 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2795-1 - Several vulnerabilities have been discovered in the lighttpd web server.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-4508, CVE-2013-4559, CVE-2013-4560
MD5 | 0fafb33b2d3154cff50fb341e5470566


-------------------------------------------------------------------------
Debian Security Advisory DSA-2795-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
November 13, 2013                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : lighttpd
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-4508 CVE-2013-4559 CVE-2013-4560
Debian Bug : 729453

Several vulnerabilities have been discovered in the lighttpd web server.

CVE-2013-4508

It was discovered that lighttpd uses weak SSL ciphers when SNI (Server
Name Indication) is enabled. This issue was solved by ensuring that
stronger SSL ciphers are used when SNI is selected.

CVE-2013-4559

The clang static analyzer was used to discover privilege escalation
issues due to missing checks around lighttpd's setuid, setgid, and
setgroups calls. Those are now appropriately checked.

CVE-2013-4560

The clang static analyzer was used to discover a use-after-free issue
when the FAM stat cache engine is enabled, which is now fixed.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.4.28-2+squeeze1.4.

For the stable distribution (wheezy), these problems have been fixed in
version 1.4.31-4+deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version lighttpd_1.4.33-1+nmu1.

We recommend that you upgrade your lighttpd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
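
The class of bug behind CVE-2013-4559 (unchecked setuid, setgid and setgroups calls), shown as an added example that is not part of the advisory and is not lighttpd's code. The names drop_privs, drop_privs_unchecked, struct priv_ops and the stub functions are hypothetical, and uid/gid 33 is a constructed sample value.

```c
/* Added example, not lighttpd code. drop_privs*, struct priv_ops and the
 * stubs are hypothetical names; uid/gid 33 is a constructed sample value. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The three calls are injected so the failure path runs without root. */
struct priv_ops {
    int (*setgroups_fn)(size_t, const gid_t *);
    int (*setgid_fn)(gid_t);
    int (*setuid_fn)(uid_t);
};
const struct priv_ops real_ops = { setgroups, setgid, setuid };

/* Unchecked: a failed call is ignored, success is reported, and the
 * caller carries on with whatever privileges it still has. */
int drop_privs_unchecked(const struct priv_ops *o, uid_t uid, gid_t gid)
{
    o->setgroups_fn(0, NULL);
    o->setgid_fn(gid);
    o->setuid_fn(uid);
    return 0;
}

/* Checked: supplementary groups, then gid, then uid last (once the uid
 * is dropped the process may no longer change its groups). */
int drop_privs(const struct priv_ops *o, uid_t uid, gid_t gid)
{
    if (o->setgroups_fn(0, NULL) != 0) return -1;
    if (o->setgid_fn(gid) != 0) return -1;
    if (o->setuid_fn(uid) != 0) return -1;
    return 0;
}

/* Constructed stubs: a system where setuid() is refused. */
static int ok_groups(size_t n, const gid_t *g) { (void)n; (void)g; return 0; }
static int ok_gid(gid_t g) { (void)g; return 0; }
static int ok_uid(uid_t u) { (void)u; return 0; }
static int fail_uid(uid_t u) { (void)u; return -1; }
const struct priv_ops ok_ops = { ok_groups, ok_gid, ok_uid };
const struct priv_ops failing_ops = { ok_groups, ok_gid, fail_uid };

int main(void)
{
    printf("unchecked: %d\n", drop_privs_unchecked(&failing_ops, 33, 33));
    printf("checked:   %d\n", drop_privs(&failing_ops, 33, 33));
    return 0;
}
```

A server using the checked form passes real_ops and treats a return of -1 as fatal, exiting before it accepts any connection.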