Security Corner 0.3: lighttpd Denial of Service
lighttpd is affected by a fairly significant security bug, and the packages in the Ubuntu repositories are still vulnerable.
Lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Vulnerable Versions:
- Hardy (upgraded)
- Gutsy
- Feisty
- Edgy
CVE
Debdiffs:
- hardy_lighttpd_1.4.19-0ubuntu3.debdiff
- gutsy_security_lighttpd_1.4.18-1ubuntu1.4.debdiff
- feisty_security_lighttpd_1.4.13-9ubuntu4.6.debdiff
- edgy_security_lighttpd_1.4.13~r1370-1ubuntu1.7.debdiff
Upgrade by .deb packages:
- lighttpd_1.4.18-1ubuntu1.4~emgentsecurity0_i386.deb (Gutsy i386)
- lighttpd_1.4.18-1ubuntu1.4~emgentsecurity0_amd64.deb (Gutsy amd64)
- lighttpd_1.4.13-9ubuntu4.6~emgentsecurity0_i386.deb (Feisty i386)
- lighttpd_1.4.13-9ubuntu4.6~emgentsecurity0_amd64.deb (Feisty amd64)
- lighttpd_1.4.13~r1370-1ubuntu1.7~1emgentsecurity0_i386.deb (Edgy i386)
- lighttpd_1.4.13~r1370-1ubuntu1.7~1emgentsecurity0_amd64.deb (Edgy amd64)
Upgrade by Repository:
- Gutsy
deb http://ppa.launchpad.net/emgent/ubuntu gutsy main
deb-src http://ppa.launchpad.net/emgent/ubuntu gutsy main
apt-get update
apt-get upgrade
- Feisty
deb http://ppa.launchpad.net/emgent/ubuntu feisty main
deb-src http://ppa.launchpad.net/emgent/ubuntu feisty main
apt-get update
apt-get upgrade
- Edgy
deb http://ppa.launchpad.net/emgent/ubuntu edgy main
deb-src http://ppa.launchpad.net/emgent/ubuntu edgy main
apt-get update
apt-get upgrade