What Are You Looking For?

Sign Up
MGASA-2022-0161 - Updated lighttpd packages fix security vulnerability

Publication date: 06 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0161.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-22707

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function
of the mod_extforward plugin has a stack-based buffer overflow (4 bytes
representing -1), as demonstrated by remote denial of service (daemon
crash) in a non-default configuration. The non-default configuration
requires handling of the Forwarded header in a somewhat unusual manner.
Also, a 32-bit system is much more likely to be affected than a 64-bit
system. (CVE-2022-22707)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29877
- https://www.debian.org/security/2022/dsa-5040
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6P5G6MJW4Q5RKKPO7TS5CLAAEQ2QUYBE/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22707

SRPMS:
- 8/core/lighttpd-1.4.59-1.1.mga8

Mageia 2022-0161: lighttpd security update

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated b...

Summary

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. (CVE-2022-22707)

References

- https://bugs.mageia.org/show_bug.cgi?id=29877

- https://www.debian.org/security/2022/dsa-5040

- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6P5G6MJW4Q5RKKPO7TS5CLAAEQ2QUYBE/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22707

Resolution

MGASA-2022-0161 - Updated lighttpd packages fix security vulnerability

SRPMS

- 8/core/lighttpd-1.4.59-1.1.mga8

Severity
Publication date: 06 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0161.html
Type: security
CVE: CVE-2022-22707

Related News

P2PInfect Botnet Activity Surges 600x with Stealthier Malware Variants

Sep 22, 2023

Latest Release of EuroLinux Desktop – What Will We Find in Version 9.1?

Apr 2, 2023

Many WordPress Plugin Flaws Leveraged by Novel Linux Malware

Jan 5, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo