Description
Security update for lighttpd
This update for lighttpd fixes the following issues:
lighttpd was updated to 1.4.67:
- Update comment about TCP_INFO on OpenBSD
- [mod_ajp13] fix crash with bad response headers (fixes #3170)
- [core] handle RDHUP when collecting chunked body CVE-2022-41556 (boo#1203872)
- [core] tweak streaming request body to backends
- [core] handle ENOSPC with pwritev() (#3171)
- [core] manually calculate off_t max (fixes #3171)
- [autoconf] force large file support (#3171)
- [multiple] quiet coverity warnings using casts
- [meson] add license keyword to project declaration
Package list
SUSE Package Hub 15 SP3
lighttpd-1.4.67-bp154.2.6.1
lighttpd-mod_authn_gssapi-1.4.67-bp154.2.6.1
lighttpd-mod_authn_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_authn_pam-1.4.67-bp154.2.6.1
lighttpd-mod_authn_sasl-1.4.67-bp154.2.6.1
lighttpd-mod_magnet-1.4.67-bp154.2.6.1
lighttpd-mod_maxminddb-1.4.67-bp154.2.6.1
lighttpd-mod_rrdtool-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_dbi-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_mysql-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_pgsql-1.4.67-bp154.2.6.1
lighttpd-mod_webdav-1.4.67-bp154.2.6.1
SUSE Package Hub 15 SP4
lighttpd-1.4.67-bp154.2.6.1
lighttpd-mod_authn_gssapi-1.4.67-bp154.2.6.1
lighttpd-mod_authn_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_authn_pam-1.4.67-bp154.2.6.1
lighttpd-mod_authn_sasl-1.4.67-bp154.2.6.1
lighttpd-mod_magnet-1.4.67-bp154.2.6.1
lighttpd-mod_maxminddb-1.4.67-bp154.2.6.1
lighttpd-mod_rrdtool-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_dbi-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_mysql-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_pgsql-1.4.67-bp154.2.6.1
lighttpd-mod_webdav-1.4.67-bp154.2.6.1
openSUSE Leap 15.3
lighttpd-1.4.67-bp154.2.6.1
lighttpd-mod_authn_gssapi-1.4.67-bp154.2.6.1
lighttpd-mod_authn_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_authn_pam-1.4.67-bp154.2.6.1
lighttpd-mod_authn_sasl-1.4.67-bp154.2.6.1
lighttpd-mod_magnet-1.4.67-bp154.2.6.1
lighttpd-mod_maxminddb-1.4.67-bp154.2.6.1
lighttpd-mod_rrdtool-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_dbi-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_mysql-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_pgsql-1.4.67-bp154.2.6.1
lighttpd-mod_webdav-1.4.67-bp154.2.6.1
openSUSE Leap 15.4
lighttpd-1.4.67-bp154.2.6.1
lighttpd-mod_authn_gssapi-1.4.67-bp154.2.6.1
lighttpd-mod_authn_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_authn_pam-1.4.67-bp154.2.6.1
lighttpd-mod_authn_sasl-1.4.67-bp154.2.6.1
lighttpd-mod_magnet-1.4.67-bp154.2.6.1
lighttpd-mod_maxminddb-1.4.67-bp154.2.6.1
lighttpd-mod_rrdtool-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_dbi-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_mysql-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_pgsql-1.4.67-bp154.2.6.1
lighttpd-mod_webdav-1.4.67-bp154.2.6.1
References
- E-Mail link for openSUSE-SU-2022:10140-1
- SUSE Security Ratings
- SUSE Bug 1203872
- SUSE CVE CVE-2022-41556 page
Description
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
Affected products
SUSE Package Hub 15 SP3:lighttpd-1.4.67-bp154.2.6.1
SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.67-bp154.2.6.1
SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.67-bp154.2.6.1
SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.67-bp154.2.6.1
References
- CVE-2022-41556
- SUSE Bug 1203872