Bug 434163 (CVE-2008-0983)

Summary: CVE-2008-0983 lighttpd crashes when it's low on file descriptors
Product: [Other] Security Response Reporter: Red Hat Product Security <security-response-team>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: canim.turkiyem, matthias
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466663
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-21 09:46:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 435807, 435808, 435809    
Bug Blocks:    

Description Lubomir Kundrak 2008-02-22 15:23:26 UTC 
Description of problem:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466663
http://trac.lighttpd.net/trac/ticket/1562

See those references. I am not sure whether they are the same issue (one seems
to be solaris dependent and produces different result), but the debian crash
definitely is of our interest.

If they are the same it can be triggered by opening a lot of connections to the
web server.
Comment 2 Tomas Hoger 2008-02-29 07:50:14 UTC 
*** Bug 435418 has been marked as a duplicate of this bug. ***
Comment 3 Tomas Hoger 2008-02-29 07:54:22 UTC 
Upstream bug is closed now with following patch as the final solution:

http://trac.lighttpd.net/trac/changeset/2082
Comment 5 Fedora Update System 2008-03-04 10:58:18 UTC 
lighttpd-1.4.18-6.fc8 has been submitted as an update for Fedora 8
Comment 6 Fedora Update System 2008-03-04 11:34:57 UTC 
lighttpd-1.4.18-3.fc7 has been submitted as an update for Fedora 7
Comment 7 Fedora Update System 2008-03-06 16:34:54 UTC 
lighttpd-1.4.18-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2008-03-06 16:36:14 UTC 
lighttpd-1.4.18-6.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Red Hat Product Security 2008-07-21 09:46:19 UTC 
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2278
Comment 11 Red Hat Bugzilla 2009-10-23 19:06:33 UTC 
Reporter changed to security-response-team by request of Jay Turner.