Debian Security Advisory 1540-3 - This update fixes a regression in lighttpd introduced in DSA-1540, causing SSL failures.
700fbcba0948ac083649f503b18b4778a113b2ad544f5d67eeb60962055d0e06Debian Security Advisory 1540-2 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, did not correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections. This security update fixes a regression in the previous one, which caused SSL failures.
81b1709bbba7d47454bc46f62b5b29d63ad1e0d1d4ac732e92e318faebac658aGentoo Linux Security Advisory GLSA 200804-08 - Julien Cayzax discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the nobody user's $HOME is / (CVE-2008-1270). An error also exists in the SSL connection code which can be triggered when a user prematurely terminates his connection (CVE-2008-1531). Versions less than 1.4.19-r2 are affected.
04d53fca65adca4c84d85a814f6f371863f45711fbaaacda55d307182040adffDebian Security Advisory 1540-1 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, did not correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.
6025a1c0e5351fec1a681da6ef9b11326b7ead6d3c091184c224175f3cadc312
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed