openSUSE-SU-2019:2347-1

Published: 20 Oct 2019
Source: suse-cvrf

Description

Security update for lighttpd

This update for lighttpd to version 1.4.54 fixes the following issues:

Security issues fixed:

  • CVE-2018-19052: Fixed a path traversal in mod_alias (boo#1115016).
  • Changed the default TLS configuration of lighttpd for better security out-of-the-box (boo#1087369).

Package list

SUSE Package Hub 15
lighttpd-1.4.54-bp151.4.3.1
lighttpd-mod_authn_gssapi-1.4.54-bp151.4.3.1
lighttpd-mod_authn_ldap-1.4.54-bp151.4.3.1
lighttpd-mod_authn_mysql-1.4.54-bp151.4.3.1
lighttpd-mod_authn_pam-1.4.54-bp151.4.3.1
lighttpd-mod_authn_sasl-1.4.54-bp151.4.3.1
lighttpd-mod_cml-1.4.54-bp151.4.3.1
lighttpd-mod_geoip-1.4.54-bp151.4.3.1
lighttpd-mod_magnet-1.4.54-bp151.4.3.1
lighttpd-mod_maxminddb-1.4.54-bp151.4.3.1
lighttpd-mod_mysql_vhost-1.4.54-bp151.4.3.1
lighttpd-mod_rrdtool-1.4.54-bp151.4.3.1
lighttpd-mod_trigger_b4_dl-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_dbi-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_ldap-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_mysql-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_pgsql-1.4.54-bp151.4.3.1
lighttpd-mod_webdav-1.4.54-bp151.4.3.1
SUSE Package Hub 15 SP1
lighttpd-1.4.54-bp151.4.3.1
lighttpd-mod_authn_gssapi-1.4.54-bp151.4.3.1
lighttpd-mod_authn_ldap-1.4.54-bp151.4.3.1
lighttpd-mod_authn_mysql-1.4.54-bp151.4.3.1
lighttpd-mod_authn_pam-1.4.54-bp151.4.3.1
lighttpd-mod_authn_sasl-1.4.54-bp151.4.3.1
lighttpd-mod_cml-1.4.54-bp151.4.3.1
lighttpd-mod_geoip-1.4.54-bp151.4.3.1
lighttpd-mod_magnet-1.4.54-bp151.4.3.1
lighttpd-mod_maxminddb-1.4.54-bp151.4.3.1
lighttpd-mod_mysql_vhost-1.4.54-bp151.4.3.1
lighttpd-mod_rrdtool-1.4.54-bp151.4.3.1
lighttpd-mod_trigger_b4_dl-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_dbi-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_ldap-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_mysql-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_pgsql-1.4.54-bp151.4.3.1
lighttpd-mod_webdav-1.4.54-bp151.4.3.1
openSUSE Leap 15.0
lighttpd-1.4.54-bp151.4.3.1
lighttpd-mod_authn_gssapi-1.4.54-bp151.4.3.1
lighttpd-mod_authn_ldap-1.4.54-bp151.4.3.1
lighttpd-mod_authn_mysql-1.4.54-bp151.4.3.1
lighttpd-mod_authn_pam-1.4.54-bp151.4.3.1
lighttpd-mod_authn_sasl-1.4.54-bp151.4.3.1
lighttpd-mod_cml-1.4.54-bp151.4.3.1
lighttpd-mod_geoip-1.4.54-bp151.4.3.1
lighttpd-mod_magnet-1.4.54-bp151.4.3.1
lighttpd-mod_maxminddb-1.4.54-bp151.4.3.1
lighttpd-mod_mysql_vhost-1.4.54-bp151.4.3.1
lighttpd-mod_rrdtool-1.4.54-bp151.4.3.1
lighttpd-mod_trigger_b4_dl-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_dbi-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_ldap-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_mysql-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_pgsql-1.4.54-bp151.4.3.1
lighttpd-mod_webdav-1.4.54-bp151.4.3.1
openSUSE Leap 15.1
lighttpd-1.4.54-bp151.4.3.1
lighttpd-mod_authn_gssapi-1.4.54-bp151.4.3.1
lighttpd-mod_authn_ldap-1.4.54-bp151.4.3.1
lighttpd-mod_authn_mysql-1.4.54-bp151.4.3.1
lighttpd-mod_authn_pam-1.4.54-bp151.4.3.1
lighttpd-mod_authn_sasl-1.4.54-bp151.4.3.1
lighttpd-mod_cml-1.4.54-bp151.4.3.1
lighttpd-mod_geoip-1.4.54-bp151.4.3.1
lighttpd-mod_magnet-1.4.54-bp151.4.3.1
lighttpd-mod_maxminddb-1.4.54-bp151.4.3.1
lighttpd-mod_mysql_vhost-1.4.54-bp151.4.3.1
lighttpd-mod_rrdtool-1.4.54-bp151.4.3.1
lighttpd-mod_trigger_b4_dl-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_dbi-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_ldap-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_mysql-1.4.54-bp151.4.3.1
lighttpd-mod_vhostdb_pgsql-1.4.54-bp151.4.3.1
lighttpd-mod_webdav-1.4.54-bp151.4.3.1

Description

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
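
The configuration condition described above can be checked on a host before or after updating. The following is an added example, not code from the advisory or from lighttpd: it scans `alias.url` assignments for entries whose alias lacks a trailing '/' while the target path has one. The sample configuration, paths and function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = '''
server.modules += ( "mod_alias" )
alias.url = (
    "/docs"    => "/srv/www/docs/",    # alias without '/', target with '/'
    "/static/" => "/srv/www/static/",  # both end in '/'
    "/cgi-bin" => "/srv/www/cgi-bin",  # neither ends in '/'
)
$HTTP["host"] == "example.test" {
    alias.url += ( "/img" => "/srv/img/" )
}
'''

# '#' starts a comment unless it sits inside a double-quoted string.
COMMENT = re.compile(r'^((?:[^"#]|"[^"]*")*)#.*$')
# alias.url = ( ... ) or alias.url += ( ... ); parentheses inside quotes are skipped.
ALIAS_BLOCK = re.compile(r'alias\.url\s*\+?=\s*\(((?:[^()"]|"[^"]*")*)\)')
# One "alias" => "target" entry inside the list.
PAIR = re.compile(r'"([^"]*)"\s*=>\s*"([^"]*)"')


def strip_comments(text):
    """Remove trailing '#' comments line by line, keeping quoted '#' characters."""
    return "\n".join(COMMENT.sub(r"\1", line) for line in text.splitlines())


def risky_aliases(conf):
    """Return (alias, target) pairs matching the CVE-2018-19052 precondition."""
    findings = []
    for block in ALIAS_BLOCK.finditer(strip_comments(conf)):
        for alias, target in PAIR.findall(block.group(1)):
            # Matched alias lacks a trailing '/', target path has one.
            if not alias.endswith("/") and target.endswith("/"):
                findings.append((alias, target))
    return findings


if __name__ == "__main__":
    for alias, target in risky_aliases(SAMPLE_CONF):
        print(f"review alias {alias!r} -> {target!r}: add or remove the "
              "trailing '/' so both sides agree")
```

Entries it reports can be made consistent by giving the alias and its target the same trailing-slash form, independently of installing the fixed package.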


Affected products
SUSE Package Hub 15 SP1:lighttpd-1.4.54-bp151.4.3.1
SUSE Package Hub 15 SP1:lighttpd-mod_authn_gssapi-1.4.54-bp151.4.3.1
SUSE Package Hub 15 SP1:lighttpd-mod_authn_ldap-1.4.54-bp151.4.3.1
SUSE Package Hub 15 SP1:lighttpd-mod_authn_mysql-1.4.54-bp151.4.3.1

References