Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [SECURITY] [DSA 1540-2] New lighttpd packages fix deni

from [Steve Kemp] Network Security [Permanent Link]
Subject: [Full-disclosure] [SECURITY] [DSA 1540-2] New lighttpd packages fix denial of service
Date: Tue, 15 Apr 2008 19:42:30 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- ------------------------------------------------------------------------
Debian Security Advisory DSA-1540-2                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
April 15, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : lighttpd
Vulnerability  : DOS
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1531

It was discovered that lighttpd, a fast webserver with minimal memory
footprint, was didn't correctly handle SSL errors.  This could allow
a remote attacker to disconnect all active SSL connections.

This security update fixes a regression in the previous one, which caused
SSL failures.

For the stable distribution (etch), this problem has been fixed in version
1.4.13-4etch8.

We recommend that you upgrade your lighttpd package.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.diff.gz
    Size/MD5 checksum:    37420 89efdab79fcbac119000a64cab648fcd
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
    Size/MD5 checksum:   793309 3a64323b8482b0e8a6246dbfdb4c39dc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.dsc
    Size/MD5 checksum:     1098 87a04c4e704dd7921791bc44407b5e0e

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch8_all.deb
    Size/MD5 checksum:    99618 ae68b64b7c0df0f0b3a9d19b87e7c40a

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_amd64.deb
    Size/MD5 checksum:   297300 19f5b871d2a9a483e1ecdaa2325c45cb
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_amd64.deb
    Size/MD5 checksum:    63586 750cf5f5d7671986b195366f2335c9cc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_amd64.deb
    Size/MD5 checksum:    63884 72ee2b52772010ae7c63a0a2b4761ff5
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_amd64.deb
    Size/MD5 checksum:    59138 45672a1a3af65311693a3aee58be5566
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_amd64.deb
    Size/MD5 checksum:    69890 b84d4ea8c9af282e2aeeb5c05847a95a
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_amd64.deb
    Size/MD5 checksum:    60742 f48ef372b71be1b2683d03b411c7e7cf

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_hppa.deb
    Size/MD5 checksum:    59896 60a4e61e9b5e2bafbf53474d677b36bb
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_hppa.deb
    Size/MD5 checksum:   323946 642f46921f99dfdf8e52ed3777847cbc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_hppa.deb
    Size/MD5 checksum:    61890 4feb260d9f611c26979872b49b09ebc1
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_hppa.deb
    Size/MD5 checksum:    65000 2ce28ddd20bcd1bf407e14bae053537b
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_hppa.deb
    Size/MD5 checksum:    72946 33c93c114c3807d63bb18a5a9b3f33b9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_hppa.deb
    Size/MD5 checksum:    65520 82a4460351af3d4c8b9d84ec831bd006

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_i386.deb
    Size/MD5 checksum:    63884 96876134f02cf6b3c5079d5deecca7d9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_i386.deb
    Size/MD5 checksum:    59086 f928fd96f37229e72661fa7140a0daa9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_i386.deb
    Size/MD5 checksum:   289088 477ce333d4a1b9f506645ff22193191f
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_i386.deb
    Size/MD5 checksum:    70932 90cd2be30fb0f0e0ff97820e1b8c19f1
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_i386.deb
    Size/MD5 checksum:    63690 f5c320e1f272a52ec9354b27f5c36082
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_i386.deb
    Size/MD5 checksum:    60846 0f30b9acbc10ec2c648edf19b8e41178

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_ia64.deb
    Size/MD5 checksum:    67508 8d853ada8818a91fa022e0dd52c19edf
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_ia64.deb
    Size/MD5 checksum:    63054 22a7de81eb0ec31a95632eb555a888c1
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_ia64.deb
    Size/MD5 checksum:    77062 04cffb6683e4a3c92f5f48e8d2df5dd8
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_ia64.deb
    Size/MD5 checksum:    67366 0f9272c16ab8cf4e75129f5a3eaa5d71
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_ia64.deb
    Size/MD5 checksum:   403358 aefa2c83a3baf3ee9ae8ba1c6629e22e
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_ia64.deb
    Size/MD5 checksum:    61176 ea0d6334ab0904bddbbe9cf90a72ba9e

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mips.deb
    Size/MD5 checksum:    62658 8799ed08b706281b21814f559f858be9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mips.deb
    Size/MD5 checksum:    58572 7520f8302f2e0cb1ceed528d01c1aea7
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mips.deb
    Size/MD5 checksum:    62526 c75ac1e607ebcbc95ed03e8adb088dec
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mips.deb
    Size/MD5 checksum:   296088 f05c1b65de0bb165c1fa8ef749c1f60c
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mips.deb
    Size/MD5 checksum:    59960 76b2266c789cad50fae1d751cc2be88c
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mips.deb
    Size/MD5 checksum:    69236 61394a59d58c8f5f5c721a4085fee51e

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mipsel.deb
    Size/MD5 checksum:    59282 56363403b07fd8bb4ec4628c4607cd8b
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mipsel.deb
    Size/MD5 checksum:    63368 f8378c36175b9b3f87f038f45cad5e4d
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mipsel.deb
    Size/MD5 checksum:    70020 e7b073ea24c3de3404f69ad8dbdd43df
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mipsel.deb
    Size/MD5 checksum:    60762 cdb8770285645d0ea048b02fb866f63a
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mipsel.deb
    Size/MD5 checksum:    63542 c5a4b5467b6917a7065e1ef6a57fd3a2
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mipsel.deb
    Size/MD5 checksum:   297260 1d3b8cac9795b18e231e5f99a25d9f3b

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_powerpc.deb
    Size/MD5 checksum:    71762 4465577bc817611ca87c7f21bc0d2642
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_powerpc.deb
    Size/MD5 checksum:    65390 ac39f8d16559e8a4e8bd09a274c58895
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_powerpc.deb
    Size/MD5 checksum:    65114 844e63058ca4968673e652684c37c309
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_powerpc.deb
    Size/MD5 checksum:   323818 11066e5afd416b95a825212056d6d493
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_powerpc.deb
    Size/MD5 checksum:    62462 4eeb054f0838cd87f8ff21b798dd1110
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_powerpc.deb
    Size/MD5 checksum:    60644 0b547baa6b634ee3e606f58a1b503f26

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_s390.deb
    Size/MD5 checksum:   307236 828090c5177429f28bdfcdc653aff701
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_s390.deb
    Size/MD5 checksum:    64244 df43829d7d3a6cb956444e6c4123af6f
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_s390.deb
    Size/MD5 checksum:    59580 f2d8a504078229d6a9c90ca2312736f2
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_s390.deb
    Size/MD5 checksum:    61082 c73356530cb3936b5eaf0fa09b941bff
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_s390.deb
    Size/MD5 checksum:    71368 15a98ad24b35b3a4461748b31d2408a7
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_s390.deb
    Size/MD5 checksum:    64632 2e037627c148aaa336465a89f9b6cc99


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIBPbWwM/Gs81MDZ0RArRXAJ0cGuFKLtiqtL6LyYlICvf2ZCeR2QCfSJuC
2y6JeS50GJmsg5OzVS8nMl0=
=3iPk
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [SECURITY] [DSA 1540-2] New lighttpd packages fix denial of service, Steve Kemp <=
Previous by Date:  Re: [Full-disclosure] Web Application Security Awareness Day, Jeff Stebelton
Next by Date:  [Full-disclosure] iDefense Security Advisory 04.14.08: ClamAV libclamav PeSpin Heap Overflow Vulnerability, iDefense Labs
Previous by Thread:  [Full-disclosure] Web Application Security Awareness Day, n3td3v
Next by Thread:  [Full-disclosure] iDefense Security Advisory 04.14.08: ClamAV libclamav PeSpin Heap Overflow Vulnerability, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]