Login

Noch kein Login?
Daten vergessen?

 
Newsletter
Werbung
Sicherheit: Pufferüberlauf in lighttpd
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in lighttpd
ID: DSA-1362-2
Distribution: Debian
Plattformen: Debian etch
Datum: So, 7. Oktober 2007, 17:28
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



- ------------------------------------------------------------------------

Debian Security Advisory 1362-2                      security@debian.org

http://www.debian.org/security/                               Steve Kemp

October 7th, 2007                     http://www.debian.org/security/faq

- ------------------------------------------------------------------------



Package        : lighttpd

Vulnerability  : buffer overflow

Problem type   : repmote

Debian-specific: no

CVE Id(s)      : CVE-2007-4727





A problem was discovered in lighttpd, a fast webserver with minimal memory

footprint, which could allow the execution of arbitary code via the

overflow of CGI variables when mod_fcgi was enabled.



This updated advisory correctly patches the security issue, which was

not handled in DSA-1362-1.



For the stable distribution (etch), this problem has been fixed in version

1.4.13-4etch4.



We recommend that you upgrade your lighttpd package.





Upgrade instructions

- --------------------



wget url

        will fetch the file for you

dpkg -i file.deb

        will install the referenced file.



If you are using the apt-get package manager, use the line for

sources.list as given below:



apt-get update

        will update the internal database

apt-get upgrade

        will install corrected packages



You may use an automated update by adding the resources from the

footer to the proper configuration.





Debian GNU/Linux 4.0 alias etch

- --------------------------------



Source archives:



  lighttpd_1.4.13-4etch4.dsc
    Size/MD5 checksum:     1098 17dfd0625a22e95cfd3e9ec509fbdb5b

  lighttpd_1.4.13-4etch4.diff.gz
    Size/MD5 checksum:    36522 13f9e5815efe59582a154beaa70d8330



Architecture independent packages:



  lighttpd-doc_1.4.13-4etch4_all.deb
    Size/MD5 checksum:    99910 e787e67007923593212e2d96f3fe8895



alpha architecture (DEC Alpha)



  lighttpd_1.4.13-4etch4_alpha.deb
    Size/MD5 checksum:   318704 b25cf2719b09d58f9dcfebc7798699f1

  lighttpd-mod-cml_1.4.13-4etch4_alpha.deb
    Size/MD5 checksum:    64748 a9fcb23262d0d958b90a930000d1b9aa

  lighttpd-mod-magnet_1.4.13-4etch4_alpha.deb
    Size/MD5 checksum:    64318 91f28b1d19baea7957d057e97146e537

  lighttpd-mod-webdav_1.4.13-4etch4_alpha.deb
    Size/MD5 checksum:    71554 2a74fb10316f0f5972f6401a367566b3

  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_alpha.deb
    Size/MD5 checksum:    61084 5af9bcebd8c89cdde6fd980c61fb3e2d

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_alpha.deb
    Size/MD5 checksum:    59324 020186058063587f76a9762b6b226665



amd64 architecture (AMD x86_64 (AMD64))



  lighttpd-mod-magnet_1.4.13-4etch4_amd64.deb
    Size/MD5 checksum:    64016 eb011dc4ccd17d1894faa08871aa62d6

  lighttpd_1.4.13-4etch4_amd64.deb
    Size/MD5 checksum:   297074 f5003c131e1fd7a277ae003c429baa10

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_amd64.deb
    Size/MD5 checksum:    59410 01be5c483651d0fac93a2d68a71cd2c4

  lighttpd-mod-cml_1.4.13-4etch4_amd64.deb
    Size/MD5 checksum:    64360 1d712d6a59dfb479f3ec55e4bc68d7c2

  lighttpd-mod-webdav_1.4.13-4etch4_amd64.deb
    Size/MD5 checksum:    70276 babe9aed7e17f4bfea149f5caf07055c

  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_amd64.deb
    Size/MD5 checksum:    61180 fee215a88ad56aa4c70178d9a15c2ba4



arm architecture (ARM)



  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_arm.deb
    Size/MD5 checksum:    60574 c73a4104a545eff1308aa271df02d4df

  lighttpd-mod-magnet_1.4.13-4etch4_arm.deb
    Size/MD5 checksum:    62628 c9d8a757fe8fb002c60726c1984ec441

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_arm.deb
    Size/MD5 checksum:    58442 0d8a6b26363ff9a9459f40cb54b9ea57

  lighttpd_1.4.13-4etch4_arm.deb
    Size/MD5 checksum:   285928 ef4d45b093734a86734031ccf8119a24

  lighttpd-mod-cml_1.4.13-4etch4_arm.deb
    Size/MD5 checksum:    62830 a889a64793663a3634217a0845e5d34c

  lighttpd-mod-webdav_1.4.13-4etch4_arm.deb
    Size/MD5 checksum:    69306 a0ca70279efecf1ff926b8cb7d4aa87c



hppa architecture (HP PA RISC)



  lighttpd-mod-cml_1.4.13-4etch4_hppa.deb
    Size/MD5 checksum:    65194 dc255dd71872e592aad775e57cb87c51

  lighttpd-mod-magnet_1.4.13-4etch4_hppa.deb
    Size/MD5 checksum:    64732 19c9f9e64ea47fa84dfb8e6b4077a295

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_hppa.deb
    Size/MD5 checksum:    59668 b7eb1ff4de57892482843830d1279e76

  lighttpd-mod-webdav_1.4.13-4etch4_hppa.deb
    Size/MD5 checksum:    72724 42bee1fb6d5e18d0509c48f6f73ca42e

  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_hppa.deb
    Size/MD5 checksum:    61512 7c2d367cc89e66d65abdc2551547f1a0

  lighttpd_1.4.13-4etch4_hppa.deb
    Size/MD5 checksum:   324008 540e306767dbeecdc6f426f549315edd



i386 architecture (Intel ia32)



  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_i386.deb
    Size/MD5 checksum:    60422 4385f4062a56f93d2b43c5d8dc5e1801

  lighttpd-mod-magnet_1.4.13-4etch4_i386.deb
    Size/MD5 checksum:    63154 61b71c28b9f409b54267ece899d7186b

  lighttpd-mod-webdav_1.4.13-4etch4_i386.deb
    Size/MD5 checksum:    70446 bd9446d7cc7bebcb82179a4977f340a1

  lighttpd_1.4.13-4etch4_i386.deb
    Size/MD5 checksum:   288830 4b56001c6caff859ec7a488b5ee04cdb

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_i386.deb
    Size/MD5 checksum:    58750 20896c54601d55747aebc3026071ee44

  lighttpd-mod-cml_1.4.13-4etch4_i386.deb
    Size/MD5 checksum:    63354 d051b8711b74fd1e0d62d7fa09314dc4



ia64 architecture (Intel ia64)



  lighttpd-mod-cml_1.4.13-4etch4_ia64.deb
    Size/MD5 checksum:    67238 998a3f058f3f29c39c14184af18ab205

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_ia64.deb
    Size/MD5 checksum:    60918 ada59b0c2899a525f1eaccb669844eeb

  lighttpd_1.4.13-4etch4_ia64.deb
    Size/MD5 checksum:   403236 4da29c552376f3797ab610d4b2a426c3

  lighttpd-mod-magnet_1.4.13-4etch4_ia64.deb
    Size/MD5 checksum:    67094 61186f635ba15d848ebb96fbddfc0613

  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_ia64.deb
    Size/MD5 checksum:    62794 e485c4e54eb1655d13966a3189188177

  lighttpd-mod-webdav_1.4.13-4etch4_ia64.deb
    Size/MD5 checksum:    76802 1ad8da15de1b11eb9d59e2f442ed1b31



mips architecture (MIPS (Big Endian))



  lighttpd-mod-webdav_1.4.13-4etch4_mips.deb
    Size/MD5 checksum:    69770 fbed5119cb65df586854783a0a6c1597

  lighttpd-mod-cml_1.4.13-4etch4_mips.deb
    Size/MD5 checksum:    63240 346111b0b351f8e63620dc7886ba8f62

  lighttpd-mod-magnet_1.4.13-4etch4_mips.deb
    Size/MD5 checksum:    63092 d2fe9565515b74faa490be63e0930492

  lighttpd_1.4.13-4etch4_mips.deb
    Size/MD5 checksum:   296474 d2da306aa37a2b24ae8321de637af475

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_mips.deb
    Size/MD5 checksum:    59056 68a2c1fb1a7e73c69907211eb7ab9072

  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_mips.deb
    Size/MD5 checksum:    60486 b0414be2d9fc6555ba93cbf139abb223



powerpc architecture (PowerPC)



  lighttpd-mod-magnet_1.4.13-4etch4_powerpc.deb
    Size/MD5 checksum:    64852 0fef8b8d5ab07460b28b4ef12da8158e

  lighttpd-mod-webdav_1.4.13-4etch4_powerpc.deb
    Size/MD5 checksum:    71490 1d7d9ecb84753cbc5120501ac6bc22aa

  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_powerpc.deb
    Size/MD5 checksum:    62196 b990447911ccb75ec4a98e7a02b3b1b7

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_powerpc.deb
    Size/MD5 checksum:    60392 547c962b77289263e4789c5305e2d00b

  lighttpd-mod-cml_1.4.13-4etch4_powerpc.deb
    Size/MD5 checksum:    65124 f2d07abd718332f3842fcfac348f934d

  lighttpd_1.4.13-4etch4_powerpc.deb
    Size/MD5 checksum:   323544 2f95c6cf4d593faec45ac9a3dd1ade06



sparc architecture (Sun SPARC/UltraSPARC)



  lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_sparc.deb
    Size/MD5 checksum:    60258 8e96e1baa4f77b35ad4d9fa80bc21620

  lighttpd-mod-cml_1.4.13-4etch4_sparc.deb
    Size/MD5 checksum:    63168 d8659b87a64b0515029dd733cd026266

  lighttpd-mod-mysql-vhost_1.4.13-4etch4_sparc.deb
    Size/MD5 checksum:    58606 f8e27a338af9f8fbdf9fe23a5c0920e5

  lighttpd-mod-webdav_1.4.13-4etch4_sparc.deb
    Size/MD5 checksum:    69614 bd29c5f6b3a2f14499503e4c6923fba2

  lighttpd-mod-magnet_1.4.13-4etch4_sparc.deb
    Size/MD5 checksum:    63144 2b91e847d407e2b037e33f17fdf6eaf0

  lighttpd_1.4.13-4etch4_sparc.deb
    Size/MD5 checksum:   283836 b72422b763c1ed1409e8b207a0a9b5f2





  These files will probably be moved into the stable distribution on

  its next update.



-
 ---------------------------------------------------------------------------------

For apt-get: deb http://security.debian.org/ stable/updates main

For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main

Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)



iD8DBQFHCPhpwM/Gs81MDZ0RAnWoAKDVWzhJmr3QumRXijhkcSdMEy5ToACeLAlM

00/7SYTAEMyGv1R47in9YvQ=

=oHBC

-----END PGP SIGNATURE-----





-- 

To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org

with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Pro-Linux
Gewinnspiel
Neue Nachrichten

0
Zend Framework 2.2.0 ver­spricht mehr Kon­sis­tenz

16
Firefox 22 aktiviert WebRTC

9
10 Jahre Groklaw

17
Kroatiens Prä­si­dent lobt den kreativen Geist der Open-Sour­ce Ge­mein­schaft

2
Sernet bietet Sam­ba4-Kom­plett­pa­ke­te für ver­schie­de­ne Dis­tri­bu­tio­nen

19
Linux: Si­cher­heits­lü­cke erlaubt Roo­t-Zu­griff

1
Ge­winn­spiel: Ein­tritts­kar­ten für den LinuxTag 2013

22
Neue An­dro­id-Ent­wick­lungs­um­ge­bung Android Studio

0
Open-IT Summit am 22. und 23. Mai auf dem LinuxTag

0
OpenAPC 3.0 mit Be­am­Con­struc­t-SDK
 
Werbung