LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 29th, 2014
Linux Security Week: August 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New lighttpd packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service. The Common Vulnerabilities and Exposures project identifies problems. One is a remote attackers could cause denial of service by disconnecting partway through making a request.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1303-1                    security@debian.org
http://www.debian.org/security/                                 Steve Kemp
June 10, 2007                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : lighttpd 
Vulnerability  : denial of service
Problem-Type   : local & remote
Debian-specific: no
CVE ID         : CVE-2007-1870 CVE-2007-1869
Debian Bug     : 422254 

Two problems were discovered with lighttpd, a fast webserver with
minimal memory footprint, which could allow denial of service.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-1869

  Remote attackers could cause denial of service by disconnecting
  partway through making a request.

CVE-2007-1870

  A NULL pointer dereference could cause a crash when serving files
  with a mtime of 0.


For the stable distribution (etch) these problems have been fixed in
version 1.4.13-4etch1.

For the unstable distribution (sid) these problems have been fixed in
version 1.4.14-1.

We recommend that you upgrade your lighttpd package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


  Source archives:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1.dsc
      Size/MD5 checksum:     1098 ef3730d86ea77e526e66127d934f03c6
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1.diff.gz
      Size/MD5 checksum:    15173 411d82d078a5303943389fc3521e7fba
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
      Size/MD5 checksum:   793309 3a64323b8482b0e8a6246dbfdb4c39dc

  Architecture independent components:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch1_all.deb
      Size/MD5 checksum:    99474 8a94fa9556f1429528319f1a1fa568f1

  Alpha architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_alpha.deb
      Size/MD5 checksum:   318162 283fd8d6c7c27f4bd61898247da07db9
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_alpha.deb
      Size/MD5 checksum:    64510 d0944bbc86a22daa45999afd00676920
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_alpha.deb
      Size/MD5 checksum:    64070 d685ea88c4b629bab5771d08621aa81c
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_alpha.deb
      Size/MD5 checksum:    59074 aad74a6b17e86c8c68b63717b4448e22
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_alpha.deb
      Size/MD5 checksum:    60828 c136287cae4f4cea113657ea6b01ce41
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_alpha.deb
      Size/MD5 checksum:    71320 bc0aa14a9955e2f386fbb43c6061ff8b

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_amd64.deb
      Size/MD5 checksum:   296426 7cbf0ee2b5a3c27b3478ae096419beef
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_amd64.deb
      Size/MD5 checksum:    63922 981c2f63505bd5394c639a1aa93fa25a
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_amd64.deb
      Size/MD5 checksum:    63646 d4ec90dda80422e47115faf57396bb05
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_amd64.deb
      Size/MD5 checksum:    59132 a6cc6145c017eae377b20887dae4618c
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_amd64.deb
      Size/MD5 checksum:    60724 6a6af3f67680ea042ea5e8a6d2170139
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_amd64.deb
      Size/MD5 checksum:    69976 739708ec1200c70a6cc4b468080b49ae

  ARM architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_arm.deb
      Size/MD5 checksum:   288014 1114e00e94dc60364fa9aaad59183836
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_arm.deb
      Size/MD5 checksum:    62602 9947d36ac758e7d7cd78064c147ddbe2
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_arm.deb
      Size/MD5 checksum:    62462 220505089fe300fcce338cc730b7cfb2
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_arm.deb
      Size/MD5 checksum:    58360 ca58297fd12f1b62af27a85fddcf47ad
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_arm.deb
      Size/MD5 checksum:    60284 dce6b3c544c0e3bd2f8c08a88cfcb6f2
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_arm.deb
      Size/MD5 checksum:    69420 a889e304aab96e8be3638ce6a16ca1c3

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_hppa.deb
      Size/MD5 checksum:   323150 e49e128dcd9d3d38d08aeaa1fae889cd
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_hppa.deb
      Size/MD5 checksum:    64930 a3a60a655c7f06f38ddd71df3d1c2b48
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_hppa.deb
      Size/MD5 checksum:    64418 9fad81697a0dac3aa1f64cf2ea4a93b2
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_hppa.deb
      Size/MD5 checksum:    59432 29c07432b0d96cc11d4794a6f618c94e
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_hppa.deb
      Size/MD5 checksum:    61198 70155f2b1dce10205822cf14639eedcf
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_hppa.deb
      Size/MD5 checksum:    72464 d51a480afe5e07b0335332e7b24085bb

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_i386.deb
      Size/MD5 checksum:   288108 06270ce40db3249625b3123afe20f545
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_i386.deb
      Size/MD5 checksum:    63110 a01ca815790e6579c308eb364fbf0b9e
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_i386.deb
      Size/MD5 checksum:    62910 17903e4397ba40d9b1fafaae03aeba67
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_i386.deb
      Size/MD5 checksum:    58516 ffd4e5175a0771229aa9ec0ee462367c
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_i386.deb
      Size/MD5 checksum:    60178 a6e7d1e4431950bb1cb9c8ed02d8796e
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_i386.deb
      Size/MD5 checksum:    70212 797fbce72817ed3092d0756d4f0b7b16

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_ia64.deb
      Size/MD5 checksum:   402620 ee76492e203b1c42459a9d35708c15d1
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_ia64.deb
      Size/MD5 checksum:    66974 14dfec6e97a3fffe45c8c8d2b1c263c7
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_ia64.deb
      Size/MD5 checksum:    66822 c8761bdad0192b709a6650935a73b77e
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_ia64.deb
      Size/MD5 checksum:    60666 a51f5988e23c3cb01ba872556e666c67
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_ia64.deb
      Size/MD5 checksum:    62532 306c5d1b0744c9a55bdbc5a3e6ab9d43
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_ia64.deb
      Size/MD5 checksum:    76526 1d46f971460f6bc919cbe4ae68f7049e

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_mips.deb
      Size/MD5 checksum:   295572 d4eff501f522141341fd0d42a7643e50
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_mips.deb
      Size/MD5 checksum:    62994 a42afe38e858bdc97e3d1cc2609040cd
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_mips.deb
      Size/MD5 checksum:    62832 21d9359dee2346189cb50bf6ce743fc5
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_mips.deb
      Size/MD5 checksum:    58804 1f3c6acfdd1500b1a44384cf013368e1
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_mips.deb
      Size/MD5 checksum:    60240 f06fa483be4d888fe6161d4343232879
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_mips.deb
      Size/MD5 checksum:    69504 53b09dd48fdcb378b8ebfb1ba4d71703

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_mipsel.deb
      Size/MD5 checksum:   296010 71a9419f817392755394718a35f176c0
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_mipsel.deb
      Size/MD5 checksum:    63028 d66cf97cf28ee0657b17f5357333b063
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_mipsel.deb
      Size/MD5 checksum:    62854 7861b0cd64b100a068bfebd841d12488
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_mipsel.deb
      Size/MD5 checksum:    58776 2af4301d158b3143d3b40e4aab618f74
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_mipsel.deb
      Size/MD5 checksum:    60248 839ad9fbbc65f5d873033599a5933b8e
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_mipsel.deb
      Size/MD5 checksum:    69494 c76e5480bafdcfcc6ae021aa1000c8b2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_powerpc.deb
      Size/MD5 checksum:   322174 74b0047df6db5edb00d9d2691c8f064c
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_powerpc.deb
      Size/MD5 checksum:    64874 17f172304062df3885814aa40abfaf19
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_powerpc.deb
      Size/MD5 checksum:    64516 542119472a68eae891b70b408425e5c1
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_powerpc.deb
      Size/MD5 checksum:    60134 7404bfe78362b08fa558310c38809521
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_powerpc.deb
      Size/MD5 checksum:    61946 caed2baa31f06fc1e7d96007c6d33b98
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_powerpc.deb
      Size/MD5 checksum:    71244 31d0392efa451d605daa53846388a9fb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_s390.deb
      Size/MD5 checksum:   306018 a2a8aaf5a00d7ffdc4a90be4c891e68a
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_s390.deb
      Size/MD5 checksum:    64108 b698d116eccc8373cd0d35efd704b8d5
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_s390.deb
      Size/MD5 checksum:    63718 cfa9c3c452641911f3dc47aa014f717d
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_s390.deb
      Size/MD5 checksum:    59080 d5edfcdfae8a88781869dc800317895b
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_s390.deb
      Size/MD5 checksum:    60572 66ffe78d259ed3c27ee59e9e62c162d1
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_s390.deb
      Size/MD5 checksum:    70756 bc6cb87a363b8007bee03d1383f4c7af

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_sparc.deb
      Size/MD5 checksum:   283110 f6e58d1dc5993bad86eeac3d322c4f96
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_sparc.deb
      Size/MD5 checksum:    62912 61868c7b6990c7c358643edb63bb9d2f
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_sparc.deb
      Size/MD5 checksum:    62884 983eee1671580a04506e6353a119c1ab
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_sparc.deb
      Size/MD5 checksum:    58356 f5a3f3eb5caaac0966e64a463eb8635c
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_sparc.deb
      Size/MD5 checksum:    60002 39e417cc65309ed2aeee7f7c91a607cb
    http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_sparc.deb
      Size/MD5 checksum:    69364 dc30f534d4bb72a97b62f3c4f59fdaf6


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mozilla reports user data leak from Bugzilla project
These 3-D Printed Skeleton Keys Can Pick High-Security Locks in Seconds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.