Linux Security
    Linux Security
    Linux Security

    Debian: New lighttpd packages fix multiple DOS issues

    Date 15 Jul 2008
    Posted By LinuxSecurity Advisories
    Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1609-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                               Steve Kemp
    July 15, 2008               
    - ------------------------------------------------------------------------
    Package        : lighttpd
    Vulnerability  : various
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-0983 CVE-2007-3948
    Debian Bug     : 434888 466663
    Several local/remote vulnerabilities have been discovered in lighttpd,
    a fast webserver with minimal memory footprint.
    The Common Vulnerabilities and Exposures project identifies the 
    following problems:
      lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
      properly calculate the size of a file descriptor array, which allows 
      remote attackers to cause a denial of service (crash) via a large number 
      of connections, which triggers an out-of-bounds access. 
      connections.c in lighttpd before 1.4.16 might accept more connections 
      than the configured maximum, which allows remote attackers to cause a
      denial of service (failed assertion) via a large number of connection
    For the stable distribution (etch), these problems have been fixed in
    version 1.4.13-4etch9.
    For the unstable distribution (sid), these problems have been fixed in
    version 1.4.18-2.
    We recommend that you upgrade your lighttpd package.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Source archives:
        Size/MD5 checksum:     1106 b9e468fa16bb1874ceef9596827a0aee
        Size/MD5 checksum:   793309 3a64323b8482b0e8a6246dbfdb4c39dc
        Size/MD5 checksum:    37524 b935ac31122e596b50393b32412c4634
    Architecture independent packages:
        Size/MD5 checksum:    99444 f4da891e3055833d72cedb093ebe961b
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:    65236 07a7c10a1a9e8e5be6591eafdcb2af70
        Size/MD5 checksum:   319704 347221cd0521559c703e77a638101378
        Size/MD5 checksum:    59970 cd8eebac5cafbfc86a94b7bdec622cdc
        Size/MD5 checksum:    71720 2243711e9b479e7201bd075375341570
        Size/MD5 checksum:    61748 e082eba9bed47e7d41b97b8c3faf2ab4
        Size/MD5 checksum:    64804 2300124052e6cd3d16b5d912771a43d2
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:    70042 f216ba125297f9617e9b93ae5e9c1528
        Size/MD5 checksum:    60890 0cf8ebc595c92cf0e5133cfb0fdb45f1
        Size/MD5 checksum:    64028 22bef6211d9afd320292721a796671fb
        Size/MD5 checksum:    63726 1908fe9c6b35d03ac8cb8ca25bc119a8
        Size/MD5 checksum:    59294 a0bc743d9720b97db28764c6c1e0f79c
        Size/MD5 checksum:   297536 0de34b9f4ef546ae5f38991f4676143a
    arm architecture (ARM)
        Size/MD5 checksum:    63132 28b693dd3dc65d743e84af5249e6867e
        Size/MD5 checksum:    69696 7c49c8c4dc0ae30526d0ccd02cec9376
        Size/MD5 checksum:    60870 bb8fa82a14b51ddf0c4de1e869755459
        Size/MD5 checksum:    62936 e831e83489ced32abeeae5c4a9b26e01
        Size/MD5 checksum:   286636 77d3c387d79492d0655bf45930ed774a
        Size/MD5 checksum:    58744 7fe590b4b243a5d33f9328d23c25f037
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:    65586 fc9bc390e05808b64c7f3323465f3860
        Size/MD5 checksum:    59958 3ba195a79e46a6e896482ffd79121daf
        Size/MD5 checksum:    65072 7f750a4b25c1449c76216a4006bed3ef
        Size/MD5 checksum:    61960 98543c413da83a34f1a066ea6701b4b8
        Size/MD5 checksum:    73006 d49b3f59f4014f2982157b383667d6f4
        Size/MD5 checksum:   324090 bb1800b50a874f7286bd8d2a6bd69806
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   289054 9d101f135f459437d125ea443d0f3652
        Size/MD5 checksum:    71210 9a6962f56b581b73320e0e8d75166aa3
        Size/MD5 checksum:    64018 864494c387986f427f3fa35a3eb8e688
        Size/MD5 checksum:    61270 45f87772bf860aa3463927599555948e
        Size/MD5 checksum:    64260 7084c5bb2d0145dab2ce6902d4b3f251
        Size/MD5 checksum:    59494 eb4ce22389b5eacbe7f279731f89dad7
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:    58634 2dead181d2874aba311da3c28ae5ce00
        Size/MD5 checksum:   296406 64a97a2fcd2d78a4e3a9e1c57253c5ad
        Size/MD5 checksum:    60026 bccc394d18921f666d9cda04f6c50e6e
        Size/MD5 checksum:    69302 003ca7f181dead692e8070206ec555f8
        Size/MD5 checksum:    62598 027b727988bc41f1f61bf208dbffd03e
        Size/MD5 checksum:    62724 16f4243a6d66a7e0cfea2a2c5430eed4
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   324104 ff3b010a174d956f4b2e1d4907883290
        Size/MD5 checksum:    65190 ed5a4ddac8ea7fa260b3ffed37b03b84
        Size/MD5 checksum:    65462 c5777f10ab6a3ee8776d71c53808143c
        Size/MD5 checksum:    60718 c8c9da07c137e73c16fda7e1347a61b4
        Size/MD5 checksum:    62528 407cf5d91565f8d22cb54e540e95cec0
        Size/MD5 checksum:    71840 2d40c1080b696a949262cf19dafa93b7
    s390 architecture (IBM S/390)
        Size/MD5 checksum:    59730 aa85c7a60138cd531b2693a0f02e7466
        Size/MD5 checksum:    64778 351ff20233c9ac9c897489b04129976f
        Size/MD5 checksum:   307340 b84df276716669831f54ca5926158ba0
        Size/MD5 checksum:    71520 960bbc9184cda5625fec9e5c8f721751
        Size/MD5 checksum:    61230 c5bc149d49c8c8c0eadb53098c5802b8
        Size/MD5 checksum:    64392 4505fe625ce17c305a79c74226150150
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   284464 660005588988330ef2742e208e18b1ed
        Size/MD5 checksum:    58928 739d374e9412b1c33ffcc4d84e06ff4c
        Size/MD5 checksum:    63490 57c717bbd4a6c7a27c2b3ce664b447c6
        Size/MD5 checksum:    60574 0fe2a1a268d154fdb6a11ef33a7c9a9f
        Size/MD5 checksum:    63466 bbb49f9396ba560a5db3d4f30a78ab02
        Size/MD5 checksum:    69956 cc2a681cb6e423b0d91aca6691628088
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.