Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements.
|Package||www-servers/lighttpd on all architectures|
|Affected versions||< 1.4.35|
|Unaffected versions||>= 1.4.35|
lighttpd is a lightweight high-performance web server.
Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details.
A remote attacker could create a Denial of Service condition. Futhermore, a remote attacker may be able to execute arbitrary SQL statements.
There is no known workaround at this time.
All lighttpd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.35"