Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: [SECURITY] [DSA 1540-1] New lighttpd packages fix denial of service

[SECURITY] [DSA 1540-1] New lighttpd packages fix denial of service

From: Steve Kemp <skx_at_debian.org>
Date: Mon, 7 Apr 2008 18:44:06 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1540-1 security_at_debian.org
http://www.debian.org/security/ Steve Kemp
April 07, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : lighttpd
Vulnerability : DOS
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1531

It was discovered that lighttpd, a fast webserver with minimal memory
footprint, was didn't correctly handle SSL errors. This could allow
a remote attacker to disconnect all active SSL connections.

For the stable distribution (etch), this problem has been fixed in version
1.4.13-4etch7.

We recommend that you upgrade your lighttpd package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7.dsc
    Size/MD5 checksum: 1098 0d420a477511699665602b3c64b39179
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
    Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7.diff.gz
    Size/MD5 checksum: 37428 1f54c20fa199127e6db25176bcbe5902

Architecture independent packages:

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch7_all.deb
    Size/MD5 checksum: 99548 11dbb6f839e908c0d641249fb3d4fdc4

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_alpha.deb
    Size/MD5 checksum: 64532 d799861c011b78a8238777f49c6fb92d
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_alpha.deb
    Size/MD5 checksum: 318940 0e6314a5e9254d6500fb67555844d71b
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_alpha.deb
    Size/MD5 checksum: 64964 bd1d1cd3aa8c601b9cfad9e48528cb75
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_alpha.deb
    Size/MD5 checksum: 61294 55daca76be0d34892687511d3f4f1be9
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_alpha.deb
    Size/MD5 checksum: 71764 74606f3ddea8f458c2ede8395bedb305
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_alpha.deb
    Size/MD5 checksum: 59532 267cff02d1ecbfa394bba4128d475fc8

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_amd64.deb
    Size/MD5 checksum: 60706 f8be0d85f9fbeb4c13812193f5d9fd97
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_amd64.deb
    Size/MD5 checksum: 69852 e827323f52a4705c7181d183d4d91e28
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_amd64.deb
    Size/MD5 checksum: 59104 310716e9e2e8c2f52bef3d6c604d6db0
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_amd64.deb
    Size/MD5 checksum: 297296 dbfccf2a8da12c6ebe829322be356345
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_amd64.deb
    Size/MD5 checksum: 63842 b0f28737f30018c175bf880134b3a125
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_amd64.deb
    Size/MD5 checksum: 63542 64b3baf663b5da3ecb2768583aea88db

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_arm.deb
    Size/MD5 checksum: 58644 dca9be439e843773122daa5116961f47
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_arm.deb
    Size/MD5 checksum: 60770 834dbe952f348107cb9c67725a1f10a9
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_arm.deb
    Size/MD5 checksum: 286372 92f55d65c3270e7a7686e9dcc4238891
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_arm.deb
    Size/MD5 checksum: 63016 3d2e94666a3a202be5c5a827fbdcb1b7
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_arm.deb
    Size/MD5 checksum: 69550 05411ae38a2707a34bd39d2f6c5b4c21
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_arm.deb
    Size/MD5 checksum: 62810 ce3d76b2d95b11f5ec9786cef294529a

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_hppa.deb
    Size/MD5 checksum: 64816 6acfc017952efd135f321647e25dde98
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_hppa.deb
    Size/MD5 checksum: 59824 7992d416326a977de23342aded31794d
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_hppa.deb
    Size/MD5 checksum: 65306 f962d71c01565f840e27e0ff7277f08f
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_hppa.deb
    Size/MD5 checksum: 323966 2f988d0e8477a97e67646d1eab378bcb
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_hppa.deb
    Size/MD5 checksum: 72226 132da0df987e1a455bbd5f22c1717b94
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_hppa.deb
    Size/MD5 checksum: 61790 d621a174492d0242af13b95b6367e391

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_i386.deb
    Size/MD5 checksum: 289080 3b7e2220550ad5501a170bebd1c5a13b
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_i386.deb
    Size/MD5 checksum: 60808 7172f3019391d067f3b25bf66c1cadfa
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_i386.deb
    Size/MD5 checksum: 70886 d39938922e8d46b4131e96113f866151
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_i386.deb
    Size/MD5 checksum: 63842 ba0dbce4e4c723572693ecc99aaa72aa
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_i386.deb
    Size/MD5 checksum: 59044 cba49deeb94a51e8499e1f9c343df596
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_i386.deb
    Size/MD5 checksum: 63648 d51193103888bbd61d53318a06e72bcd

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_ia64.deb
    Size/MD5 checksum: 403400 7e52b6af3071399751a6f441efb7ddff
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_ia64.deb
    Size/MD5 checksum: 61138 0bdc32d95d978ea6b3a7ea5aad1adf0b
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_ia64.deb
    Size/MD5 checksum: 67316 6c48f24b952c635a0493cc0f1bddf15c
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_ia64.deb
    Size/MD5 checksum: 63012 4a6645b05cb285aaab3b32d1893759ff
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_ia64.deb
    Size/MD5 checksum: 77006 aff32f03cafed1375aca3fb4d66e3e30
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_ia64.deb
    Size/MD5 checksum: 67460 b320f16089ca496d8b539552979010e5

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_mips.deb
    Size/MD5 checksum: 59902 07ae05203cfa68d6fceb25203bd26849
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_mips.deb
    Size/MD5 checksum: 58522 b365869b231400d2f55d01f6a5b2a8d1
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_mips.deb
    Size/MD5 checksum: 296118 84123ee64559dac2333e5526e442f109
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_mips.deb
    Size/MD5 checksum: 62606 c2dbbd96a58f53c5a9b5fe80f65fd6b5
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_mips.deb
    Size/MD5 checksum: 62478 75986c1998f6ee3132b79fda58e347db
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_mips.deb
    Size/MD5 checksum: 69180 a9ef213bba1905adcdd4445e48083916

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_powerpc.deb
    Size/MD5 checksum: 62414 38e9d66e552fef8b56375532efe174b8
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_powerpc.deb
    Size/MD5 checksum: 71724 2ee5137240b63aba6dd3ad3a10a26c04
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_powerpc.deb
    Size/MD5 checksum: 65352 b44ee19a0de0b85d7eb9996da1684589
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_powerpc.deb
    Size/MD5 checksum: 65072 e9f88e799fa8ff7577e9ee0cd5f0116d
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_powerpc.deb
    Size/MD5 checksum: 323808 f171052f3104e1efd3499b1b8956461b
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_powerpc.deb
    Size/MD5 checksum: 60600 ee6750716fe8ed2e4cef726e5c5c582d

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_s390.deb
    Size/MD5 checksum: 307182 9ed8633e8cf58b9d83488a617b2fe4da
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_s390.deb
    Size/MD5 checksum: 59536 866eee4b685f9da849eca6179c7e3086
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_s390.deb
    Size/MD5 checksum: 71316 0bb7148f058512acc22d7ebc1f9b9ddd
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_s390.deb
    Size/MD5 checksum: 61034 567a055780f4090bc3f6f997574e4fa2
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_s390.deb
    Size/MD5 checksum: 64188 51d457cb51f6d192ac8662947f16a2db
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_s390.deb
    Size/MD5 checksum: 64584 d35c85a7dc2f1d6f52f8aaa3a3ebc1d9

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_sparc.deb
    Size/MD5 checksum: 63366 5f90bf87da4e97e99f2bd1ed41e93215
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_sparc.deb
    Size/MD5 checksum: 58824 93775bfe28fa9444f305e293a2affd2c
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_sparc.deb
    Size/MD5 checksum: 284216 88bb423b58186ba48c07d378eef60831
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_sparc.deb
    Size/MD5 checksum: 63378 779a1f21bfb254895a910051e3660a6e
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_sparc.deb
    Size/MD5 checksum: 60462 a5db92742c05ed0caadb462391a04a4e
  http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_sparc.deb
    Size/MD5 checksum: 69840 185b4976ce7b4d0c0bd70263d3df329e

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce_at_lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH+l06wM/Gs81MDZ0RAuACAKDhXFGsGlz3HcMrl93NpUnxBW4v9wCgiqDo
EgrToRkjFYtmf7RLloAz4T8=
=sfQZ
-----END PGP SIGNATURE-----
Received on Apr 07 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]