Home page logo
/

oss-sec logo oss-sec mailing list archives

lighttpd 1.4.32 released, fixing CVE-2012-5533
From: Stefan Bühler <stbuehler () lighttpd net>
Date: Wed, 21 Nov 2012 13:20:13 +0100

Hi,

we just released lighttpd 1.4.32, fixing a DoS reported by Jesse
Sipprell from McClatchy Interactive, Inc.

Sending "Connection: TE,,Keep-Alive" as header will trigger an endless
loop; as lighttpd is single threaded all request handling will stop
immediately.

Only lighttpd 1.4.31 is affected by this.

For more details and other changes see:
* http://www.lighttpd.net/2012/11/21/1-4-32/
* http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt

Regards,
Stefan

Attachment: signature.asc
Description:


  By Date           By Thread  

Current thread:
  • lighttpd 1.4.32 released, fixing CVE-2012-5533 Stefan Bühler (Nov 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]