Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1540-3] New lighttpd packages fix regression (1/3)

From Thijs Kinkhorst@1:229/2 to All on Wed Jul 23 21:10:09 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1540-3 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
July 23, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : lighttpd
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1531

This update fixes a regression in lighttpd introduced in DSA-1540,
causing SSL failures. For reference the original advisory text is
quoted below.

It was discovered that lighttpd, a fast webserver with minimal memory footprint, was didn't correctly handle SSL errors. This could allow
a remote attacker to disconnect all active SSL connections.

For the stable distribution (etch), this problem has been fixed in
version 1.4.13-4etch10.

We recommend that you upgrade your lighttpd package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.diff.gz
Size/MD5 checksum: 36023 5421eda86388cddf30348ee39c8b2059
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.dsc
Size/MD5 checksum: 1392 6011ac4224ab8ff0c1c9355f30ab11a9

Architecture independent packages:

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch10_all.deb
Size/MD5 checksum: 100096 416759ae3a223ab799bbc7b264329600

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_alpha.deb
Size/MD5 checksum: 319874 0b138412935fb92f57bf968d075a05c1
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_alpha.deb
Size/MD5 checksum: 64968 5357d1c9aad4f5f5c03016d708670164
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_alpha.deb
Size/MD5 checksum: 65408 03933a616584ab63c0e59e652856b99c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_alpha.deb
Size/MD5 checksum: 60148 8ed6ab0f02706ba339813f160cac356d
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_alpha.deb
Size/MD5 checksum: 61924 7171b0c3a9542b33a73b38e9b2ac516d
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_alpha.deb
Size/MD5 checksum: 71890 3d4973ba1c5e8d4938a35f7247e1cdbf

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_amd64.deb
Size/MD5 checksum: 70182 7ab5aa294cc9a9949ec81c850dddafee
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_amd64.deb
Size/MD5 checksum: 60978 961bc12a093309e50684188b2e948461
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_amd64.deb
Size/MD5 checksum: 64116 c745249a7e7e42d0abdd3c7761ffb086
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_amd64.deb
Size/MD5 checksum: 59368 aceae8b5e32229cf22de3d3b34344ba9
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_amd64.deb
Size/MD5 checksum: 297762 f6cf537e673702bc7f801a697368a5bc
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_amd64.deb
Size/MD5 checksum: 63822 9345b068868eb6209ec440d58ce86c55

arm architecture (ARM)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_arm.deb
Size/MD5 checksum: 286920 d13637f537de06b137194407064ac0a9
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_arm.deb
Size/MD5 checksum: 69928 a3f8604454dcdd7c7b8ae9f11302e833
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_arm.deb
Size/MD5 checksum: 61044 773180da5b9fc10d1d9d2dd414249ff5
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_arm.deb
Size/MD5 checksum: 58916 c794ba700e98dacb27bab69f64c9e149
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_arm.deb
Size/MD5 checksum: 63308 5e657e92c3da9916dbbaee9c4a03f018
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_arm.deb
Size/MD5 checksum: 63104 08e2941228b962c26c3a32bf0e86d32a

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_hppa.deb
Size/MD5 checksum: 60160 69f1cd388dd12927944a18bc13ac2bfd
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_hppa.deb
Size/MD5 checksum: 65266 01e1a4431148a150b7f9d8a7686c00f2
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_hppa.deb
Size/MD5 checksum: 62150 0330b4725c3f6d0c3cd75c52d568a555
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_hppa.deb
Size/MD5 checksum: 65772 cd104584c07c3a20e476c4ab2bc16031
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_hppa.deb
Size/MD5 checksum: 73212 53e4b9752c555a2fd0b415d37f62c3f0
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_hppa.deb
Size/MD5 checksum: 324330 2d95d0da6c2b87dbf0b985eb1ab8f807

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_i386.deb
Size/MD5 checksum: 285396 caed89abf2b41aa96f854f391eeab7dd

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	146:59:00
Calls:	12,091
Calls today:	4
Files:	15,000
Messages:	6,517,518

[SECURITY] [DSA 1540-3] New lighttpd packages fix regression (1/3)

Who's Online

Recent Visitors

System Info