FLEA-2007-0034-1:

To: foresight-security-announce@xxxxxxxxxxxxxxx
Subject: FLEA-2007-0034-1:
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@xxxxxxxxxxxxxxxxxx>
Date: Thu, 26 Jul 2007 11:52:21 -0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Heirloom mailx 12.2 01/07/07

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0034-1
Published: 2007-07-26

Rating: Major

Updated Versions:
    lighttpd=/conary.rpath.com@rpl:devel//1/1.4.15-0.3-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.6-2

References:
    https://issues.rpath.com/browse/RPL-1550
    https://issues.rpath.com/browse/RPL-1554

Description:
    Previous versions of the lighttpd package are vulnerable to multiple
    attacks, among which remote attackers may circumvent access-control
    settings or crash the server by issuing various malformed or malicious
    requests.  It has not been determined that these vulnerabilities can
    be exploited to execute malicious code.

    lighttpd is configured to be the default web server for the Foresight
    System Manager. If a malicious user were to cause a Denial of Service via
    the above attack vectors, the system would no longer be configurable or
    updateable via the System Manager.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRqjDLNfwEn07iAtZAQJ/GBAAhfGTlgT8142XQZNzLd2LcWBDHdRJBUZE
ciGE5gcXsD+d/ixh592s+ET4eP9NkjrMKgH42fqW/KN9vEJ5WhZ/0s3dGojiGBEs
FsxU+DFWAa7ACLUt83Izm39HBrHtanzwrHHddkXIkF04Dcv12HoK/1g4imTLFQ9p
3NICH6n/S8G4idpIotbxVvBa+AU7rM/x0m/Ekits8fDybSrFYhLyyWVELWUUB8ww
sxxnCmUfCTw6t4YgTud8BEuEf2zaGNPKybfydCVKpk6YtDzepuS+bDsblDmStA7f
O8pcwz20s8hIspchf9hAeGjsuLYW+oteEuLWcbYmbTd6nNUzk+rh62CwZrrsrsJQ
Ws0vb7fC8wbKlVwUuA746vM0JxPl5b3VeqDSRvc8olRnzx72f4LyGYSsoENxTgv+
toI9RSkAt1/Hl8gcika1tpQ+s8Rex90sBlT47W7kIaD2WP2OqmvR5hpPqusqLA/l
mwi+f0tE/kTAL4vFXOH5+GSTA9q+x6pg0JNhCh/V97Z9RWmVenRoLtxbuznsryez
td+l7fCpkk5950sBWnHCRTdPlrGrumgu9sx7/ZpSYdizqSnSXj8Jex/f2oS6KNG6
8O8BSbdcg5579k7zMzmRC+6IMWlloJToEZ8lbE230JKiXaeVIojprA/i0kRtFzv6
kbnZjntvOCg=
=N9w3
-----END PGP SIGNATURE-----

Prev by Date: [security bulletin] HPSBMA02133 SSRT061201 rev.5 - HP Oracle for OpenView (OfO) Critical Patch Update
Next by Date: [SECURITY] [DSA 1342-2] New bind9 packages fix DNS cache poisoning
Previous by thread: [security bulletin] HPSBMA02133 SSRT061201 rev.5 - HP Oracle for OpenView (OfO) Critical Patch Update
Next by thread: [SECURITY] [DSA 1342-2] New bind9 packages fix DNS cache poisoning
Index(es):
- Date
- Thread