Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service.
Package | www-servers/lighttpd on all architectures |
---|---|
Affected versions | < 1.4.20 |
Unaffected versions | >= 1.4.20 |
lighttpd is a lightweight high-performance web server.
Multiple vulnerabilities have been reported in lighttpd:
A remote attacker could exploit these vulnerabilities to cause a Denial of Service, to bypass intended access restrictions, to obtain sensitive information, or to possibly modify data.
There is no known workaround at this time.
All lighttpd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.20"
Release date
December 02, 2008
Latest revision
December 02, 2008: 01
Severity
normal
Exploitable
remote
Bugzilla entries