LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

lighttpd: denial of service and MITM vulnerabilities

Package(s):lighttpd CVE #(s):CVE-2011-4362 CVE-2011-3389
Created:December 21, 2011 Updated:September 10, 2012
Description: A signedness issue in the lighttpd base64 decoding routine can lead to an out-of-bounds read and a denial-of-service opportunity (CVE-2011-4362). Lighttpd can also be vulnerable to the SSL "BEAST" attack in certain configurations, enabling a possible man-in-the-middle attack (CVE-2011-3389).
Alerts:
Fedora FEDORA-2011-17400 2011-12-23
Fedora FEDORA-2011-17400 2011-12-23
Debian DSA-2368-1 2011-12-20
Fedora FEDORA-2011-17400 2011-12-23
Fedora FEDORA-2011-17400 2011-12-23
Fedora FEDORA-2011-17400 2011-12-23
openSUSE openSUSE-SU-2012:0030-1 2012-01-05
Debian DSA-2398-1 2012-01-30
openSUSE openSUSE-SU-2012:0240-1 2012-02-09
Gentoo 201203-02 2012-03-05
SUSE SUSE-SU-2012:0114-2 2012-03-06
Debian DSA-2398-2 2012-03-31
Mandriva MDVSA-2012:058 2012-04-13
Red Hat RHSA-2012:0508-01 2012-04-23
Fedora FEDORA-2012-9040 2012-06-26
Fedora FEDORA-2012-9078 2012-06-26
Mageia MGASA-2012-0259 2012-09-07
Gentoo 201301-01 2013-01-07
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds