Bug 561340 (CVE-2010-0295)
| Summary: | CVE-2010-0295 lighttpd: Remote DoS (excessive memory use) by handling specially-crafted HTTP request | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | unspecified | CC: | fcami, ma, matthias, mitchb | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-06-10 22:25:54 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 562991 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
Jan Lieskovsky
2010-02-03 13:28:03 UTC
This issue affects the latest versions of the lighttpd package, as shipped with Fedora release of 11 (lighttpd-1.4.23-1.fc11) and 12 (lighttpd-1.4.23-1.fc12). This issue affects the latest versions of the lighttpd package, as shipped with Extra Packages for Enterprise Linux 4 (EPEL-4) -- lighttpd-1.4.23-1.el4, and 5 (EPEL-5) -- lighttpd-1.4.23-1.el5 projects. Please fix. Created attachment 395462 [details]
lighttpd 1.4.26 srpm
Integrates spawn_fcgi-1.6.23
here it is, as-is, please review before distributing.
Tested on Centos 5.latest + EPEL.
spawn-fcgi-1.6.2-1.el5.1,lighttpd-1.4.26-2.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/spawn-fcgi-1.6.2-1.el5.1,lighttpd-1.4.26-2.el5 lighttpd-1.4.26-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/lighttpd-1.4.26-2.fc11 lighttpd-1.4.26-2.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/lighttpd-1.4.26-2.fc12 spawn-fcgi-1.6.2-1.el4.1,lighttpd-1.4.26-2.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/spawn-fcgi-1.6.2-1.el4.1,lighttpd-1.4.26-2.el4 lighttpd-1.4.26-2.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/lighttpd-1.4.26-2.fc13 lighttpd-1.4.26-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. lighttpd-1.4.26-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. lighttpd-1.4.26-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. spawn-fcgi-1.6.2-1.el5.1, lighttpd-1.4.26-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. spawn-fcgi-1.6.2-1.el4.1, lighttpd-1.4.26-2.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report. |