[SECURITY] Fedora 7 Update: lighttpd-1.4.18-1.fc7
updates at fedoraproject.org
Wed Sep 12 16:43:05 UTC 2007
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2132
2007-09-12 09:43:02.466839
--------------------------------------------------------------------------------
Name : lighttpd
Product : Fedora 7
Version : 1.4.18
Release : 1.fc7
Summary : Lightning fast webserver with light system requirements
Description :
Secure, fast, compliant and very flexible web-server which has been optimized
for high-performance environments. It has a very low memory footprint compared
to other webservers and takes care of cpu-load. Its advanced feature-set
(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) makes
it the perfect webserver-software for every server that is suffering load
problems.
Available rpmbuild rebuild options :
--with : gamin webdavprops webdavlocks memcache
--without : ldap gdbm lua (cml)
--------------------------------------------------------------------------------
Update Information:
Lighttpd (1.4.17 and earlier) is prone to a header overflow when using the mod_fastcgi extension. This can lead to arbitrary code execution in the fastcgi application. This 1.4.18 update fixes the issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 10 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-1
- Update to 1.4.18.
- Include newly installed lighttpd-angel ("angel" process meant to always run
as root and restart lighttpd when it crashes, spawn processes on SIGHUP), but
it's in testing stage and must be run with -D for now.
* Wed Sep 5 2007 Matthias Saou <http://freshrpms.net/> 1.4.17-1
- Update to 1.4.17.
- Update defaultconf patch to match new example configuration.
- Include patch to fix log file rotation with max-workers set (trac #902).
- Add /var/run/lighttpd/ directory where to put fastcgi sockets.
* Thu Aug 23 2007 Matthias Saou <http://freshrpms.net/> 1.4.16-3
- Add /usr/bin/awk build requirement, used to get LIGHTTPD_VERSION_ID.
* Wed Aug 22 2007 Matthias Saou <http://freshrpms.net/> 1.4.16-2
- Rebuild to fix wrong execmem requirement on ppc32.
* Thu Jul 26 2007 Matthias Saou <http://freshrpms.net/> 1.4.16-1
- Update to 1.4.16 security fix release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #284511
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=284511
[ 2 ] CVE-2007-4727
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727
--------------------------------------------------------------------------------
Updated packages:
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------