oss-sec mailing list archives
lighttpd 1.4.32 released, fixing CVE-2012-5533
From: Stefan Bühler <stbuehler () lighttpd net>
Date: Wed, 21 Nov 2012 13:20:13 +0100
Hi, we just released lighttpd 1.4.32, fixing a DoS reported by Jesse Sipprell from McClatchy Interactive, Inc. Sending "Connection: TE,,Keep-Alive" as header will trigger an endless loop; as lighttpd is single threaded all request handling will stop immediately. Only lighttpd 1.4.31 is affected by this. For more details and other changes see: * http://www.lighttpd.net/2012/11/21/1-4-32/ * http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt Regards, Stefan
Attachment:
signature.asc
Description:
Current thread:
- lighttpd 1.4.32 released, fixing CVE-2012-5533 Stefan Bühler (Nov 21)