SECURITY: lighttpd

SECURITY: lighttpd

[Yaakov (Cygwin Ports)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Two vulnerabilities have been discovered in Lighttpd, each allowing for
a Denial of Service.

Solution: upgrade to >= 1.4.14 (current is 1.4.9)

More information:
http://security.gentoo.org/glsa/glsa-200705-07.xml
http://bugs.gentoo.org/show_bug.cgi?id=174043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1870

Yaakov

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGP/YgpiWmPGlmQSMRCOI3AKCOjsZ0fLtQ1GnqAB+G4r+fUrt0swCfQmS0
5I5vf8ZmoC5s+ufh8pKEi5o=
=e02T
-----END PGP SIGNATURE-----

Re: SECURITY: lighttpd

[Lapo Luchini]

Yaakov (Cygwin Ports) wrote:
> Two vulnerabilities have been discovered in Lighttpd, each allowing for
> a Denial of Service.
>
> Solution: upgrade to >= 1.4.14 (current is 1.4.9)
Uh... whoooops.
Is that mine?
AFAIR yes, I'll update it ASAP, thanks for the prod.

-- 
Lapo Luchini
lapo@lapo.it (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)

Re: SECURITY: lighttpd

[Lapo Luchini]

Lapo Luchini wrote:
> I'll update it ASAP, thanks for the prod.
BTW: the Windows partition of my laptop kinda died, so I can't use the
spare time on the bus. I'll have to finish it on my main box, competing
for free time with paid jobs...

PS: anyway who is using lighttpd for anything other than a local-only
installation (for which security issues are a bit moot) feel very free
to send me personal emails and tell me to be faster, it will help :-P

-- 
Lapo Luchini
lapo@lapo.it (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)