Security
Security
Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements.
| Package | www-servers/lighttpd on all architectures |
|---|---|
| Affected versions | < 1.4.35 |
| Unaffected versions | >= 1.4.35 |
lighttpd is a lightweight high-performance web server.
Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details.
A remote attacker could create a Denial of Service condition. Futhermore, a remote attacker may be able to execute arbitrary SQL statements.
There is no known workaround at this time.
All lighttpd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.35"