oss-sec mailing list archives

lighttpd 1.4.32 released, fixing CVE-2012-5533


From: Stefan Bühler <stbuehler () lighttpd net>
Date: Wed, 21 Nov 2012 13:20:13 +0100

Hi,

we just released lighttpd 1.4.32, fixing a DoS reported by Jesse
Sipprell from McClatchy Interactive, Inc.

Sending "Connection: TE,,Keep-Alive" as header will trigger an endless
loop; as lighttpd is single threaded all request handling will stop
immediately.

Only lighttpd 1.4.31 is affected by this.

For more details and other changes see:
* http://www.lighttpd.net/2012/11/21/1-4-32/
* http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt

Regards,
Stefan
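
Added example (not lighttpd's code and not part of the announcement): a C tokenizer for comma-separated header values such as Connection that always advances past an empty list element like the one in "TE,,Keep-Alive". It assumes the empty element is what makes that value notable, since the announcement does not describe the faulty code; the function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *ptr; size_t len; } token;

static int is_ows(char c) { return c == ' ' || c == '\t'; }

/* Split a comma-separated header value. Stores up to max_out non-empty
 * tokens in out[], counts empty list elements in *empty, returns tokens stored. */
size_t split_list_value(const char *v, token *out, size_t max_out, size_t *empty)
{
    const char *p = v; size_t n = 0;
    *empty = 0;
    for (;;) {
        while (is_ows(*p)) p++;                 /* leading whitespace */
        const char *start = p;
        while (*p != '\0' && *p != ',') p++;    /* scan to the delimiter */
        const char *end = p;
        while (end > start && is_ows(end[-1])) end--;
        if (end == start) (*empty)++;           /* e.g. the gap in "TE,,Keep-Alive" */
        else if (n < max_out) { out[n].ptr = start; out[n].len = (size_t)(end - start); n++; }
        if (*p == '\0') break;                  /* end of input is the only exit */
        p++;  /* consume the comma: every pass moves forward, empty element or not */
    }
    return n;
}

/* Case-insensitive test for one token, e.g. "keep-alive" or "close". */
int list_has_token(const char *v, const char *name)
{
    token t[16]; size_t empty;
    size_t n = split_list_value(v, t, 16, &empty), want = strlen(name);
    for (size_t i = 0; i < n; i++) {
        if (t[i].len != want) continue;
        size_t k = 0;
        while (k < want && tolower((unsigned char)t[i].ptr[k]) == tolower((unsigned char)name[k])) k++;
        if (k == want) return 1;
    }
    return 0;
}

int main(void)
{
    const char *v = "TE,,Keep-Alive";  /* header value quoted in the announcement */
    token t[16]; size_t empty;
    size_t n = split_list_value(v, t, 16, &empty);
    printf("%zu tokens, %zu empty, keep-alive=%d\n", n, empty, list_has_token(v, "keep-alive"));
    return 0;
}
```

The empty-element count can also be logged per request to spot malformed list headers reaching a server.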
