Nom du paquet
lighttpd
Date
2013-04-10
Advisory ID
MDVSA-2013:100
Affected versions
MBS1 x86_64

Problem description

The http_request_split_value function in request.c in lighttpd
before 1.4.32 allows remote attackers to cause a denial of service
(infinite loop) via a request with a header containing an empty
token, as demonstrated using the Connection: TE,,Keep-Alive header
(CVE-2012-5533).

Updated packages

MBS1 x86_64

 1f9672e603a521ef9700c93988e78d8a  mbs1/x86_64/lighttpd-1.4.30-6.1.mbs1.x86_64.rpm
 0bf593384f0eae5b5da53534eb4a2dc4  mbs1/x86_64/lighttpd-mod_auth-1.4.30-6.1.mbs1.x86_64.rpm
 027debf6342d1f45a9757ac1a442937d  mbs1/x86_64/lighttpd-mod_cml-1.4.30-6.1.mbs1.x86_64.rpm
 a1364305e91d876cb8a053ed82a8e965  mbs1/x86_64/lighttpd-mod_compress-1.4.30-6.1.mbs1.x86_64.rpm
 d015e5c8d57800b306cd4ad5cde9b3f5  mbs1/x86_64/lighttpd-mod_magnet-1.4.30-6.1.mbs1.x86_64.rpm
 d1b1796113f1e852ddc36694ee8b5e76  mbs1/x86_64/lighttpd-mod_mysql_vhost-1.4.30-6.1.mbs1.x86_64.rpm
 76399d4981fb67e66de73040afccd47f  mbs1/x86_64/lighttpd-mod_trigger_b4_dl-1.4.30-6.1.mbs1.x86_64.rpm
 993e7c600ff357af50bbb7a94ee8bc5a  mbs1/x86_64/lighttpd-mod_webdav-1.4.30-6.1.mbs1.x86_64.rpm 
 83adc393b5d45412afe0b1bcf6de78ef  mbs1/SRPMS/lighttpd-1.4.30-6.1.mbs1.src.rpm

References