
[lighttpd] Updated (1.4.18 -> 1.4.19) : SECURITY - MEDIUM

CVE-2008-0983 (Medium) :
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a
file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large
number of connections, which triggers an out-of-bounds access.

CVE-2008-1111 (Medium) :
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a
fork failure occurs, which might allow remote attackers to obtain sensitive information.

CVE-2008-1270 (Medium) :
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME,
which might allow remote attackers to read arbitrary files, as demonstrated by accessing the
~nobody directory.
early
Aldas Nabazas 17 years ago
parent
commit
bfa90ecc91
1 changed files with 3 additions and 3 deletions

+ 3
- 3
network/lighttpd/lighttpd.desc

@ -2,7 +2,7 @@
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../lighttpd/lighttpd.desc
[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY]
[COPY] More information can be found in the files COPYING and README.
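Review bot: the OpenSDE copyright range on the second `Copyright (C)` line moves from `2006 - 2007` to `2006 - 2008`, which is unrelated to the security update and is not mentioned in the commit message. The header says it is auto-generated by ./scripts/Create-CopyPatch, so please confirm this line came from running that script rather than a hand edit, and consider committing header regeneration separately so the security bump stays a minimal, easily audited change.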
@ -32,8 +32,8 @@
[L] OpenSource
[S] Stable
[V] 1.4.18
[V] 1.4.19
[P] X -?---5---9 150.000
[D] 2794091929 lighttpd-1.4.18.tar.gz http://lighttpd.net/download/
[D] 2568131231 lighttpd-1.4.19.tar.gz http://lighttpd.net/download/
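Review bot: the new `[D]` line pins lighttpd-1.4.19.tar.gz with the 10-digit decimal value `2568131231`, which is far too short to be a cryptographic digest, and the download location is plain `http://lighttpd.net/download/`. For a release pulled in as a security fix, that leaves the tarball's authenticity resting on an unauthenticated transfer and a checksum that only catches accidental corruption. Before merging, verify the fetched tarball against a digest or signature published by upstream, if one is available, and record in the commit message how it was verified. The commit message also lists three CVEs without saying that 1.4.19 resolves each of them; the CVE-2008-0983 text quoted there reads "possibly other versions before 1.5.0", so a line stating which of the three this version actually fixes would help anyone auditing the package later.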
