Description of problem: New 1.4.18 release of lighttpd fixes an arbitrary code execution flaw in lighttpd's header parsing code. Please update the package. Additional info: http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/ http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
I'm working on updated packages for all current releases.
lighttpd-1.4.18-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.