lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <46a8c335.fnZjuPq1HGj7SG6G%foresight-security-noreply@foresightlinux.org>
Date: Thu, 26 Jul 2007 11:52:21 -0400
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	lwn@....net
Subject: FLEA-2007-0034-1: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0034-1
Published: 2007-07-26

Rating: Major

Updated Versions:
    lighttpd=/conary.rpath.com@rpl:devel//1/1.4.15-0.3-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.6-2

References:
    https://issues.rpath.com/browse/RPL-1550
    https://issues.rpath.com/browse/RPL-1554

Description:
    Previous versions of the lighttpd package are vulnerable to multiple
    attacks, among which remote attackers may circumvent access-control
    settings or crash the server by issuing various malformed or malicious
    requests.  It has not been determined that these vulnerabilities can
    be exploited to execute malicious code.

    lighttpd is configured to be the default web server for the Foresight
    System Manager. If a malicious user were to cause a Denial of Service via
    the above attack vectors, the system would no longer be configurable or
    updateable via the System Manager.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRqjDLNfwEn07iAtZAQJ/GBAAhfGTlgT8142XQZNzLd2LcWBDHdRJBUZE
ciGE5gcXsD+d/ixh592s+ET4eP9NkjrMKgH42fqW/KN9vEJ5WhZ/0s3dGojiGBEs
FsxU+DFWAa7ACLUt83Izm39HBrHtanzwrHHddkXIkF04Dcv12HoK/1g4imTLFQ9p
3NICH6n/S8G4idpIotbxVvBa+AU7rM/x0m/Ekits8fDybSrFYhLyyWVELWUUB8ww
sxxnCmUfCTw6t4YgTud8BEuEf2zaGNPKybfydCVKpk6YtDzepuS+bDsblDmStA7f
O8pcwz20s8hIspchf9hAeGjsuLYW+oteEuLWcbYmbTd6nNUzk+rh62CwZrrsrsJQ
Ws0vb7fC8wbKlVwUuA746vM0JxPl5b3VeqDSRvc8olRnzx72f4LyGYSsoENxTgv+
toI9RSkAt1/Hl8gcika1tpQ+s8Rex90sBlT47W7kIaD2WP2OqmvR5hpPqusqLA/l
mwi+f0tE/kTAL4vFXOH5+GSTA9q+x6pg0JNhCh/V97Z9RWmVenRoLtxbuznsryez
td+l7fCpkk5950sBWnHCRTdPlrGrumgu9sx7/ZpSYdizqSnSXj8Jex/f2oS6KNG6
8O8BSbdcg5579k7zMzmRC+6IMWlloJToEZ8lbE230JKiXaeVIojprA/i0kRtFzv6
kbnZjntvOCg=
=N9w3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ