SUSE Security Update: Security update for lighttpd
______________________________________________________________________________
Announcement ID:    SUSE-SU-2014:0474-1
Rating:             important
References:         #867350
Cross-References:   CVE-2014-2323 CVE-2014-2324
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
The HTTP server lighttpd was updated to fix the following security issues:
* CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name.
* CVE-2014-2324: Multiple directory traversal vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd allowed remote attackers to read arbitrary files via .. (dot dot) in the host name.
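Both issues come from using the client-supplied host name in a SQL query or a file system path without checking it. The following is an added example, not part of the SUSE advisory and not lighttpd's code: a strict host name check applied before a virtual-host document root is built. The names host_is_safe and build_docroot, the path layout and the sample inputs are assumptions, and the host is assumed to have had any ":port" suffix removed already.

```c
#include <stdio.h>
#include <string.h>

/* ASCII-only letter/digit test, independent of the process locale. */
static int is_alnum_ascii(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
}

/* Returns 1 only for a plain DNS name: labels of [A-Za-z0-9-], 1..63 bytes,
 * not starting or ending with '-', separated by single dots, 1..253 bytes in
 * total. Everything else returns 0, which covers "..", '/', quotes and other
 * path or SQL metacharacters. */
int host_is_safe(const char *host) {
    size_t len = strlen(host), label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            if (label == 0 || host[i - 1] == '-') return 0; /* empty label or trailing '-' */
            label = 0;
        } else if (c == '-') {
            if (label == 0 || ++label > 63) return 0;       /* leading '-' or label too long */
        } else if (is_alnum_ascii(c)) {
            if (++label > 63) return 0;
        } else {
            return 0;                                       /* any other byte is rejected */
        }
    }
    return label > 0 && host[len - 1] != '-';
}

/* Hypothetical helper: writes "<base>/<host>/htdocs" into out. Returns 0 on
 * success, -1 if the host is rejected or the path does not fit. */
int build_docroot(const char *base, const char *host, char *out, size_t outlen) {
    if (!host_is_safe(host)) return -1;
    int n = snprintf(out, outlen, "%s/%s/htdocs", base, host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void) {
    /* Constructed sample host names, not taken from the advisory. */
    const char *samples[] = { "www.example.com", "..", "a/../../etc", "x' OR '1'='1" };
    char path[512];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_docroot("/srv/www/vhosts", samples[i], path, sizeof path);
        printf("%-18s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

The same check belongs in front of a database lookup, which should additionally pass the host name as a bound parameter instead of concatenating it into the query text.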