Bug 434163 (CVE-2008-0983) - CVE-2008-0983 lighttpd crashes when it's low on file descriptors
Summary: CVE-2008-0983 lighttpd crashes when it's low on file descriptors
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-0983
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard:
: 435418 (view as bug list)
Depends On: Confidential435807 Confidential435808 Confidential435809
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-02-22 15:23 UTC by Red Hat Product Security
Modified: 2009-10-23 19:06 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-21 09:46:19 UTC

Attachments (Terms of Use)

Description Lubomir Kundrak 2008-02-22 15:23:26 UTC 
Description of problem:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466663
http://trac.lighttpd.net/trac/ticket/1562

See those references. I am not sure whether they are the same issue (one seems
to be solaris dependent and produces different result), but the debian crash
definitely is of our interest.

If they are the same it can be triggered by opening a lot of connections to the
web server.
Comment 2 Tomas Hoger 2008-02-29 07:50:14 UTC 
*** Bug 435418 has been marked as a duplicate of this bug. ***
Comment 3 Tomas Hoger 2008-02-29 07:54:22 UTC 
Upstream bug is closed now with following patch as the final solution:

http://trac.lighttpd.net/trac/changeset/2082
Comment 5 Fedora Update System 2008-03-04 10:58:18 UTC 
lighttpd-1.4.18-6.fc8 has been submitted as an update for Fedora 8
Comment 6 Fedora Update System 2008-03-04 11:34:57 UTC 
lighttpd-1.4.18-3.fc7 has been submitted as an update for Fedora 7
Comment 7 Fedora Update System 2008-03-06 16:34:54 UTC 
lighttpd-1.4.18-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2008-03-06 16:36:14 UTC 
lighttpd-1.4.18-6.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Red Hat Product Security 2008-07-21 09:46:19 UTC 
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2278
Comment 11 Red Hat Bugzilla 2009-10-23 19:06:33 UTC 
Reporter changed to security-response-team by request of Jay Turner.
Note You need to log in before you can comment on or make changes to this bug.