Mageia alert MGASA-2012-0345 (lighttpd)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0345: lighttpd-1.4.28-6.3.mga1 (1/core), lighttpd-1.4.30-5.1.mga2 (2/core)
Date:  Thu, 29 Nov 2012 22:19:16 +0100
Message-ID:  <20121129211916.GA11180@valstar.mageia.org>

MGASA-2012-0345

Date: November 29th, 2012
Affected releases: 1, 2

Description:
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header (CVE-2012-5533).

Updated Packages:

Mageia 1:
lighttpd-1.4.28-6.3.mga1
lighttpd-mod_auth-1.4.28-6.3.mga1
lighttpd-mod_cml-1.4.28-6.3.mga1
lighttpd-mod_compress-1.4.28-6.3.mga1
lighttpd-mod_magnet-1.4.28-6.3.mga1
lighttpd-mod_mysql_vhost-1.4.28-6.3.mga1
lighttpd-mod_trigger_b4_dl-1.4.28-6.3.mga1
lighttpd-mod_webdav-1.4.28-6.3.mga1

Mageia 2:
lighttpd-1.4.30-5.1.mga2
lighttpd-mod_auth-1.4.30-5.1.mga2
lighttpd-mod_cml-1.4.30-5.1.mga2
lighttpd-mod_compress-1.4.30-5.1.mga2
lighttpd-mod_magnet-1.4.30-5.1.mga2
lighttpd-mod_mysql_vhost-1.4.30-5.1.mga2
lighttpd-mod_trigger_b4_dl-1.4.30-5.1.mga2
lighttpd-mod_webdav-1.4.30-5.1.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5533
http://lists.opensuse.org/opensuse-updates/2012-11/msg000...
https://bugs.mageia.org/show_bug.cgi?id=8210
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
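Added example, not part of the advisory and not lighttpd's code: a comma-separated header tokenizer that is guaranteed to terminate on empty elements, because it steps past every delimiter whether or not the element before it was empty. The names split_header_value and struct token are hypothetical; the sample input is the header value quoted in the description.

```c
#include <stdio.h>
#include <string.h>

struct token { const char *start; size_t len; };  /* slice of the input, not NUL-terminated */

static int is_ows(char c) { return c == ' ' || c == '\t'; }

/* Split a comma-separated header value into trimmed, non-empty tokens.
 * Stores at most max_out tokens in out, returns the number of non-empty
 * tokens found, and counts empty list elements in *empty_elems. */
size_t split_header_value(const char *value, struct token *out,
                          size_t max_out, size_t *empty_elems)
{
    size_t found = 0;
    const char *p = value;

    *empty_elems = 0;
    for (;;) {
        const char *comma = strchr(p, ',');
        const char *s = p;
        const char *e = comma ? comma : p + strlen(p);

        while (s < e && is_ows(*s)) s++;       /* trim leading whitespace */
        while (e > s && is_ows(e[-1])) e--;    /* trim trailing whitespace */

        if (e == s) {
            (*empty_elems)++;                  /* empty element: count it and move on */
        } else {
            if (found < max_out) { out[found].start = s; out[found].len = (size_t)(e - s); }
            found++;
        }
        if (!comma) break;                     /* end of string reached */
        p = comma + 1;                         /* always step past the delimiter */
    }
    return found;
}

int main(void)
{
    const char *hdr = "TE,,Keep-Alive";        /* header value quoted in the advisory */
    struct token t[8];
    size_t empty, n = split_header_value(hdr, t, 8, &empty);

    for (size_t i = 0; i < n && i < 8; i++)
        printf("token %zu: %.*s\n", i, (int)t[i].len, t[i].start);
    printf("%zu tokens, %zu empty elements\n", n, empty);
    return 0;
}
```

The empty-element count can be logged or used to reject the request, which gives a signal for requests shaped like the one in the description.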

