karasz
/
package-update
1
0
Fork 0
Code Issues Releases Activity
Browse Source

[lighttpd] Updated (1.4.18 -> 1.4.19) : SECURITY - MEDIUM 

CVE-2008-0983 (Medium) :
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a
file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large
number of connections, which triggers an out-of-bounds access.

CVE-2008-1111 (Medium) :
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a
fork failure occurs, which might allow remote attackers to obtain sensitive information.

CVE-2008-1270 (Medium) :
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME,
which might allow remote attackers to read arbitrary files, as demonstrated by accessing the
~nobody directory.
early
Aldas Nabazas 18 years ago
parent
14f8a374c5
commit
bfa90ecc91
1 changed files with 3 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      network/lighttpd/lighttpd.desc

6
network/lighttpd/lighttpd.desc
Unescape View File

@ -2,7 +2,7 @@
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../lighttpd/lighttpd.desc
[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY]
[COPY] More information can be found in the files COPYING and README.
@ -32,8 +32,8 @@
[L] OpenSource
[S] Stable
[V] 1.4.18
[V] 1.4.19
[P] X -?---5---9 150.000
[D] 2794091929 lighttpd-1.4.18.tar.gz http://lighttpd.net/download/
[D] 2568131231 lighttpd-1.4.19.tar.gz http://lighttpd.net/download/

Write Preview
Loading…
Cancel
Save