FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- multiple vulnerabilities

Affected packages
lighttpd < 1.4.34

Details

VuXML ID 90b27045-9530-11e3-9d09-000c2980a9f3
Discovery 2013-11-28
Entry 2014-02-14

lighttpd security advisories report:

It is possible to inadvertently enable vulnerable ciphers when using ssl.cipher-list.

In certain cases setuid() and similar can fail, potentially triggering lighttpd to restart running as root.

If FAMMonitorDirectory fails, the memory intended to store the context is released; some lines below the "version" component of that context is read. Reading invalid data doesn't matter, but the memory access could trigger a segfault.

References

CVE Name CVE-2013-4508
CVE Name CVE-2013-4559
CVE Name CVE-2013-4560
URL http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
URL http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
URL http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt