Fedora 22: FEDORA-2015-12252 Moderate: Lighttpd Log Injection Threat
fedora
August 7, 2015
Latest upstream security release: http://www.lighttpd.net/2015/7/26/1.4.36/
Summary
Secure, fast, compliant and very flexible web-server which has been optimized
for high-performance environments. It has a very low memory footprint compared
to other webservers and takes care of cpu-load. Its advanced feature-set
(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make
it the perfect webserver-software for every server that is suffering load
problems.
Update Information:
Latest upstream security release:
http://www.lighttpd.net/2015/7/26/1.4.36/
Topics Covered
Change Log
* Mon Jul 27 2015 Jon Ciesla
References
[ 1 ] Bug #1224911 - CVE-2015-3200 lighttpd: log injection via malformed base64 string in Authentication header [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1224911
[ 2 ] Bug #1224910 - CVE-2015-3200 lighttpd: log injection via malformed base64 string in Authentication header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1224910
[ 3 ] Bug #1246857 - lighttpd-1.4.36 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1246857
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update lighttpd' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Name: lighttpd
Product: Fedora 22
Version: 1.4.36
Release: 1.fc22
Summary: Lightning fast webserver with light system requirements
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!